At present, Firefox will open a remote JAR file only if the server is configured to send a MIME type of
application/x-jar in the
Content-Type header, unless the “network.jar.open-unsafe-types” advanced preference is enabled in “about:config”.
Ensuring that the server really wants to provide an archive was done in order to avoid potential cross-site scripting in sites that allowed users to upload content. For more information, see: