Closed Bug 406465 Opened 17 years ago Closed 17 years ago

Firefox tries to render a 685MB ISO CD image file as a webpage instead of launching the download manager to save the file: causing FF to use-up 99% CPU time, gobble memory, lock up the browser, & eventually crash

Categories

(Firefox :: General, defect)

x86
Windows XP
defect
Not set
critical

RESOLVED DUPLICATE of bug 390051

People

(Reporter: a_kaaliya, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11

This problem can be used to crash the user's Firefox browser just by clicking a weblink, especially on uniprocessor systems.

I have duplicated this problem on several computers, including a FRESH build of XP (latest patches) and Firefox 2.0.0.11. Systems tested included a Pentium-M (uniprocessor) Dell PC with 2GB RAM [fresh clean build with latest patches] and an AMD64 Turion X2 (dual-core) PC with 1GB RAM; Firefox crashed on both systems the same way. On the uniprocessor system, FF would not close; all CPU resources seemed to be used to render the openSUSE CD ISO image file as if it were a webpage. I had to use the task manager to force 'kill' of Firefox.

I went to the site 'software.opensuse.org', clicked on the link labeled "Live CD KDE (685MB)", and was redirected to: http://linux.nssl.noaa.gov/opensuse/distribution/10.3/iso/cd/openSUSE-10.3-GM-KDE-Live-i386.iso

Immediately, Firefox attempted to render the ISO (CD image) file as if it were a web page, instead of prompting the user with a dialogue box asking where to save the file. I tried to duplicate the problem by entering the above link directly in the URL bar and the same thing happened; BUT THIS PROBLEM DOES NOT OCCUR WITH IE7; if I use IE7 and enter the same NASA link into IE7's URL bar, IE7 correctly prompts with a dialogue box asking where to save the CD ISO image.

Reproducible: Always

Steps to Reproduce:
1. Enter the link: http://linux.nssl.noaa.gov/opensuse/distribution/10.3/iso/cd/openSUSE-10.3-GM-KDE-Live-i386.iso
2. Hit enter or click on the 'GO' button.
3. This NASA repository for the openSUSE Live CD, to which many users will be redirected from the openSUSE download page software.opensuse.org ("Live CD KDE (685MB)" link), exposes the problem; this problem does NOT occur when redirected to other openSUSE repositories such as ftp.osuosl.org

Actual Results:
Firefox locks up. Firefox will open the ISO (CD image) file as if it were a web page and then attempt to render it, instead of prompting the user with a dialogue box asking where to save the file. All CPU resources seemed to be used to render the openSUSE CD ISO image file as if it were a webpage; THIS PROBLEM DOES NOT OCCUR WITH IE7; if I use IE7 when I click on the link, a dialogue box appears asking where to save the CD ISO image.

Expected Results:
Displayed a dialog box prompting the user as to where to save the file, NOT render the ISO image as if it were an HTML page.

Firefox immediately begins to chew up all CPU time (99%), slowing the computer to a crawl AND, on uniprocessor systems, becoming too sluggish to close using the close button, forcing me to close the application via task manager.
This is probably a dupe of the core bug about us respecting server-side content/mime-types when sometimes we might not want to, but I can't seem to find it right now. I doubt this is security sensitive.
Whiteboard: DUPEME
The Content-Type shouldn't be text/plain.

--
URL=http://linux.nssl.noaa.gov/opensuse/distribution/10.3/iso/cd/openSUSE-10.3-GM-KDE-Live-i386.iso
Result code: 200 (OK / OK)
Date: Sun, 02 Dec 2007 22:48:01 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 02 Nov 2007 11:11:06 GMT
Accept-Ranges: bytes
Content-Length: 718159872
Content-Type: text/plain; charset=UTF-8
I wonder if we shouldn't warn on such overly large pages though.
This reproduces in trunk and is expected since the server is misidentifying the file.
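
The server-side mislabelling identified in the comments above can be caught by auditing response headers before a mirror goes live. The following is an added example, not part of the bug thread or Firefox's code; the extension table, the size threshold and the function names are assumptions chosen for illustration.

```python
# Added example: flag binary downloads that a server labels as renderable text.
from urllib.parse import urlsplit
import posixpath

# Subset of the response headers quoted in the thread, one header per line.
CAPTURED = """\
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Length: 718159872
Content-Type: text/plain; charset=UTF-8
"""
URL = ("http://linux.nssl.noaa.gov/opensuse/distribution/10.3/iso/cd/"
       "openSUSE-10.3-GM-KDE-Live-i386.iso")

BINARY_EXTENSIONS = {".iso", ".img", ".zip", ".gz", ".bz2", ".exe", ".rpm"}  # assumed list
RENDERABLE_TYPES = {"text/plain", "text/html", "application/xhtml+xml"}
SIZE_WARN_BYTES = 50 * 1024 * 1024  # assumed threshold for "overly large page"


def parse_headers(raw):
    """Return a dict mapping lower-cased header names to stripped values."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_response(url, raw_headers):
    """Return a list of findings for one URL and its response headers."""
    headers = parse_headers(raw_headers)
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    ext = posixpath.splitext(urlsplit(url).path)[1].lower()
    length = headers.get("content-length", "")
    size = int(length) if length.isdigit() else None
    disposition = headers.get("content-disposition", "").lower()
    findings = []
    # An attachment disposition makes the browser offer a save dialog instead.
    if media_type in RENDERABLE_TYPES and not disposition.startswith("attachment"):
        if ext in BINARY_EXTENSIONS:
            findings.append(f"{ext} served as {media_type}: browser will render inline")
        if size is not None and size > SIZE_WARN_BYTES:
            findings.append(f"{size} bytes of {media_type} with no attachment disposition")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_response(URL, CAPTURED)))
```

Run against the headers from the thread, this reports both the extension mismatch and the size; the same response relabelled as `application/octet-stream` produces no findings.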
I think I was looking for bug 390051. I believe this is a dupe of that bug.
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Whiteboard: DUPEME