02-FEB-99 - http://www.skylab.org/netscape/index.html

 Yet another browser bug was found late last week. This time in
 Netscape's Communicator 4.5.

 The problem appears with the way Netscape handles forms. In many cases,
 the browser will store data entered on a FORM in C:\WINDOWS\TEMP in a
 NSFORM*.TMP file. This file is supposed to be deleted when its use is
 completed. Unfortunately, this does not happen and the file is left in the temp
 directory for prying eyes to see.

 Depending on the site you are visting and the nature of the form, you could
 uknowingly reveal everything from your phone number and address to your
 credit card and Social Security number.

 The only solution? Other than avoiding forms altogether, the only option is to
 scan the temp directory and manually delete the NSFORM*.TMP file. It is
 expected that the final release of Netscape Communicator 4.51 will resolve
 the issue. At this time, however, the 4.51 beta has the same problem.

 Here is an example of NSFORM*.TMP's content when opened with a
 text-editor:


 Date: Wed, 03 Feb 1999 21:34:01 -0800
 From: John Doe 
 X-Mailer: Mozilla 4.5 [en] (Win98; I)
 X-Accept-Language: en
 MIME-Version: 1.0
 To: info@website.net
 subject%3Dcontactme: 
 Subject: Form posted from Mozilla
 Content-type: text/plain
 Content-Disposition: inline; form-data

 Firstname=John  
 Lastname=Doe
 Address1=123 NE Main Street
 City=New York
 State=NY
 Zipcode=01102   
 Homephone=206-123-4567
 Workphone=   
 206-345-6789< A
 href="mailto:UserEmail=
 jdoe@email.org">
 UserEmail=
 jdoe@email.org
 MessageType=emailme
 Subject=Customer Service Request
 SubjectOther=
 Comments=I have been a long time customer of your company, and
 until today-- always satisfied... blah blah blah.  More writing.
 And more and more... blah blah blah.

 As you can see, a lot of information can be extracted from an unsuspecting
 user's computer. The above example is just the tip of the ice-berg so to
 speak.