Today when I uploaded leak-monitor 0.4.1 to http://dbaron.org/mozilla/leak-monitor/ I initially got the file permissions incorrect (0600 instead of 0644) so that the first time I clicked on the "XPI file" link in that page, I got an error page just like the one I now put at http://dbaron.org/tmp/access-denied . After I fixed the permissions, I clicked the link again, and (after clicking "Allow") I got the extension installation mechanism. But when I clicked install, I was told that it couldn't be installed: "Not a valid install package", "-207". The browser clearly *had* gone back to the server to get the file again, since it got the new MIME type, but it was still using the old copy of the file. Steps to reproduce: 1. put a XPI on a Web server with incorrect permissions (chmod 600 file) such that it produces an error page like http://dbaron.org/tmp/access-denied 2. click a link to that XPI in Firefox 3. fix the permissions on the server (chmod 644 file) 4. hit the back button 5. click the link to that XPI again 6. choose "Allow" 7. choose "Install" 8. clear the cache using "Tools" -> "Clear Private Data" 9. repeat steps 5-7 Actual results: 2. error page 5. get site confirmation for XPI install 6. get XPI install dialog 7. A dialog with caption "Error" saying: Minefield could not install the file at http://dbaron.org/mozilla/leak-monitor/leakmonitor-0.4.1.xpi because: Not a valid install package -207 9. install works correctly Expected results (preferred): 7. install completes successfully Expected results (understandable but not preferred): 5. get the error page again (but in that case the install should complete successfully after an explicit Reload) It took me quite a while to figure out that this was a Firefox caching problem and not something I'd done incorrectly when making the XPI. Seen in Linux nightly 2008-02-14-04-trunk.