At present, Firefox will open a remote JAR file only if the server is configured to send a MIME type of application/java-archive or application/x-jar in the Content-Type header, unless the “” advanced preference is enabled in “about:config”.

Ensuring that the server really wants to provide an archive was done in order to avoid potential cross-site scripting in sites that allowed users to upload content. For more information, see: