Steps to reproduce:
Open a listener on port 445(smb) anywhere on the internet. A simple
ncat -lvp 445 is enough for obtaining a real IP address bypassing browser's proxy settings(impacts tor browser), although responder(https://github.com/lgandx/Responder) can also be used to grab more data about the user including arbitrary environment variables, the real username and the NTLM password hash.
Create a file with an url extension containing the following contents and host it anywhere on the web(replacing x.x.x.x with the ip of the listener created in the previous step).
- Download the file created in the previous step.
Firefox downloaded the file. If you were to open the downloads directory in windows file explorer it would send out a ping to the server containing a lot of potentially sensitive data.
Firefox should have flagged the file as potentially malicious and not downloaded it automatically even with
browser.download.always_ask_before_handling_new_types set to false.
This is the behavior of the chromium browser(https://bugs.chromium.org/p/chromium/issues/detail?id=335029)