Closed Bug 87603 Opened 23 years ago Closed 23 years ago

world-readable "formpost-*" files are created in /tmp

Categories

(Core :: Layout: Form Controls, defect)

x86
Linux
defect
Not set
normal

VERIFIED DUPLICATE of bug 15320

People

(Reporter: antipode, Assigned: rods)

Details

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.5 i686; en-US; rv:0.9.1) Gecko/20010607
BuildID: 2001060713

When sending large POST data mozilla creates world-readable files in /tmp directory with the contents of the POST data, and does not remove the files after the form is sent. For example:

-rw-rw-r-- 1 antipode antipode 13262 Jun 23 13:53 formpost-25
-rw-rw-r-- 1 antipode antipode 7644 Jun 24 09:29 formpost-26
-rw-rw-r-- 1 antipode antipode 970062 Jun 25 04:03 formpost-27

This is a serious security flaw.

Reproducible: Always

Steps to Reproduce:
1. Go to, for example spamcop.net
2. Post a large message into the spam report area
3. have a look at /tmp: there is a "formpost" file

Expected Results:
1. Not create the files in /tmp, but if it *does*, at least protect them by using more restrictive permissions
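The two outcomes the report contrasts, shown side by side as an added example (not Mozilla's code, and not part of the original report): a spool file whose mode is left to the umask and which is never removed, and one created privately and unlinked at once. The function names `spool_weak`, `spool_private` and `exposed` and the sample file names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the report: fixed name, mode left to the umask, never removed.
 * Under umask 002 the result is -rw-rw-r--, as in the listing above. */
int spool_weak(const char *path, const void *buf, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    int ok = write(fd, buf, len) == (ssize_t)len;
    close(fd);
    return ok ? 0 : -1;
}

/* Hardened: mkstemp() creates the file exclusively under an unpredictable
 * name; unlink() drops the name at once, so the data is gone when the fd is
 * closed; fchmod() pins the mode to 0600 whatever the libc default.
 * tmpl must end in "XXXXXX". Returns an fd rewound to offset 0, or -1. */
int spool_private(char *tmpl, const void *buf, size_t len)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (unlink(tmpl) != 0 || fchmod(fd, S_IRUSR | S_IWUSR) != 0 ||
        write(fd, buf, len) != (ssize_t)len || lseek(fd, 0, SEEK_SET) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Audit check: 1 if group or others have any access, 0 if not, -1 on error. */
int exposed(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) != 0;
}

int main(void)
{
    char tmpl[] = "/tmp/formpost-XXXXXX";   /* constructed sample name */
    int fd = spool_private(tmpl, "field=value", 11);
    printf("private spool fd=%d, name still present: %d\n", fd, access(tmpl, F_OK) == 0);
    return fd < 0;
}
```

The private spool is read back through the returned descriptor; no path in /tmp refers to it after `spool_private` returns.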
According to a comment in bug 58690, this happens "for file upload (multipart/form-data), *not* general form post". If that is the behaviour you too see, this is a duplicate of bug 15320.
Yes, this seems to be a duplicate of 15320. The only thing is that it seems that 15320 implies that the problem exists only for file uploads, but it also exists for large <textarea> data. Thanks.

*** This bug has been marked as a duplicate of 15320 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → DUPLICATE
vrfy dup
Status: RESOLVED → VERIFIED