<quote author="Boris Zbarsky" src="http://bugzilla.mozilla.org/show_bug.cgi?id=124307#c14> 1) We create a temporary file without the user knowing on link click. Since this file is temporary, in a world-readable directory (/tmp) and the user does not know it exists permissions are set to 0600 at Create() time for security reasons. Not doing this would be bad. 2) Once the user has picked a final location for the file we MoveTo() to that location. MoveTo preserves file permissions, naturally. </quote> This bug is about to (possibly) remove that behaviour and store directly to the final file. If the download should already start before that (and the data go into RAN) or we should not start download until the user clicked OK, is up to discussion. Some discussion by me: Imagine something like <iframe src="http://some.badsite.kr/logger/targetid.exe"> in an HTML mail. With bug 109249 and this one, it'd guess that we start the transfer before the user even has chance to deny the download. Although starting the download while I am still selecting a filename does improve speed...

How is this different from mostfreq bug 55690?

*** This bug has been marked as a duplicate of 55690 ***

marking verified as a duplicate. if you decide to reopen this bug, please clarify why. search string for bugspam removal: SalviaGuaranitica