COMMAND

    netscape

SYSTEMS AFFECTED

    Netscape Navigator 3.x, Communicator 4.x (win systems)

PROBLEM

    'kelani'  found  following.   In  the  Netscape  Navigator 3.x and
    Communicator  4.x  installations  where  all  users share a common
    login,  Navigator  seems  to  write  a  'nsformXX.tmp' file when a
    user  fills  out  a  form  on  a  webpage.  This file contains the
    fields the user filled in as plaintext, and looks like this:

        Content-type: multipart/form-data;
        boundary=---------------------------158841797149
        Content-Length: 108

        -----------------------------158841797149
        Content-Disposition: form-data; name="username"

        joe_user
        -----------------------------158841797149
        Content-Disposition: form-data; name="password"

        password
        -----------------------------158841797149--

        etc...

    Scanning  through  the  networked  drives  may give over 1000 such
    files, dating back months;  most with complete login  and password
    information to users' web  mail accounts, personal homepages,  and
    even  a  credit-card  numbers.   Setting  memory  /  disk cache to
    various settings,  including "0"  won't fix  the problem,  nor did
    clearing the cache.

    Andy Avery found that there are two conditions that *must* be  met
    for this to happen:

        #1) The  form that  is submitted  must be  a MIME-Encoded form
            (enctype="multipart/form-data"  in  the  <form>  tag) as
            opposed to the default of a URL-Encoded form.  (if there's
            no  "enctype"  element  in  a  <form>  tag, it defaults to
            URL-Encoded)

        #2) the environmental variable TEMP  *must* be set.  This  was
            not  the  case  for  my  setup  until  I  added  it  in my
            autoexec.bat and rebooted.

     This was tested using Communicator v4.04 on Win95.

SOLUTION

    See above when it happens and try to restict this behaviour.