Closed Bug 64274 Opened 24 years ago Closed 24 years ago

Major security issue - files that mozilla put into /tmp are world-readable

Categories

(Core :: DOM: Core & HTML, defect)

x86
Linux
defect
Not set
major

VERIFIED DUPLICATE of bug 15320

People

(Reporter: tux, Assigned: pollmann)

Details

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.16-3 i686; en-US; m18) Gecko/20001129
BuildID: 2000112921

I have discovered that when I fill in some form in Mozilla and submit it, it will create a file called "formpost" or "formpost" + some number in the /tmp directory. The problem is that this file has permissions that make it world-readable, so anyone with read permission in the /tmp directory (usually all people have read-write permission there on most Unix systems) can read it, possibly revealing passwords, email, credit card numbers, etc.

Reproducible: Always

Steps to Reproduce:
1. Submit any form with the post method
2. Look into /tmp for a file called "formpost"

Actual Results: The file "formpost" is world-readable (644 permission). It should have only 600 permission. Note that Mozilla won't delete the files on exit.

Expected Results: Set that file to be not world-readable
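The permission problem reported above, as an added example that is not part of the bug report and is not Mozilla's code: it creates a temp file the weak way and the hardened way and returns the resulting mode of each. The function names, the scratch directory, and the assumption that the 644 comes from a 0666 create mode under a umask of 022 are illustrative.

```c
#define _POSIX_C_SOURCE 200809L   /* added example, not Mozilla code */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static int mode_of(int fd) {            /* permission bits, or -1 on error */
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Weak: fixed name, mode 0666 filtered only by the umask. A umask of 022 is
   assumed (and forced here) to reproduce the 644 from the report. */
int weak_temp_mode(const char *dir) {
    char path[256];
    snprintf(path, sizeof path, "%s/formpost", dir);
    mode_t old = umask(022);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    umask(old);
    int mode = fd < 0 ? -1 : mode_of(fd);
    if (fd >= 0) { close(fd); unlink(path); }
    return mode;
}

/* Hardened: mkstemp() picks an unpredictable name and creates the file
   exclusively; fchmod() pins 0600 whatever the umask is. */
int private_temp_mode(const char *dir) {
    char path[256];
    snprintf(path, sizeof path, "%s/formpost-XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);   /* nothing left behind on exit; data stays reachable via fd */
    int mode = fchmod(fd, S_IRUSR | S_IWUSR) == 0 ? mode_of(fd) : -1;
    close(fd);
    return mode;
}

/* Runs both patterns inside a scratch directory made with mkdtemp() (0700). */
int demo(int *weak, int *priv) {
    char dir[] = "/tmp/tmpperm-XXXXXX";
    if (!mkdtemp(dir)) return -1;
    *weak = weak_temp_mode(dir);
    *priv = private_temp_mode(dir);
    return rmdir(dir);
}
int main(void) {
    int w = 0, p = 0;
    return demo(&w, &p) == 0 && printf("weak=%03o private=%03o\n", w, p) > 0 ? 0 : 1;
}
```
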
Over to form manager component, severity to major, I guess this is a dup.
Assignee: asa → morse
Severity: normal → major
Component: Browser-General → Form Manager
QA Contact: doronr → tpreston
Confirming and changing component to "Form Submission".
Assignee: morse → rods
Status: UNCONFIRMED → NEW
Component: Form Manager → Form Submission
Ever confirmed: true
Keywords: mozilla0.9, nsbeta1
QA Contact: tpreston → vladimire
eric, I'll let you handle this one, I know it is a favorite of yours.
Assignee: rods → pollmann
Looks like a duplicate of bug 15320.
Thanks Richard! *** This bug has been marked as a duplicate of 15320 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
vrfy dupe of bug 15320 Forms/Necko: Temp file left after file upload
URL: any
Status: RESOLVED → VERIFIED
Component: HTML: Form Submission → DOM: Core & HTML