as annoying as this is, this is not a security bug
Um...here's the problem: This URL feeds an HTML document with text/html: http://www.geocities.com/jeffreychanff8/ Then has an EMBED tag like: <EMBED src=http://www.geocities.com/jeffreychanff8/ ..which takes us for a loop... This is partly blocked by handling relative urls that hand back text/html in bug 157554.
*** Bug 199631 has been marked as a duplicate of this bug. ***
I believe this has long since been fixed, documents are only allowed in <objects> now, which check against recursive loads. Keeping this open to ensure bug 745030 doesn't regress, and to add tests.