Bostanov suggests a scenario where a user is persuaded to download a malicious HTML file through the usual tricks (“Click here for your free iPad!”)
No need for that. Firefox will quietly accept a file attachment and save it to your download folder, unless they’ve fixed that old old error since last October. Maybe I should point that out to them?
