A maintenance release of Firefox 125.0.2 is available, which disables the feature introduced in Firefox 125 to block downloads of files from untrusted URLs. In some situations, this functionality led to the download of other files instead of the requested ones (for example, when the “dom.block_download_insecure” setting was enabled, an attempt to download a CSV file resulted in the download of a file with the HTML text of the page). The blocking mode for dangerous downloads is planned to be finalized and reactivated in one of the next releases.
The release note also notes another unusual issue that is planned to be fixed in the next Firefox 125.0.3 update, scheduled for April 30. The essence of the problem is that after updating to Firefox 125, some users periodically began spontaneously opening new tabs with the URL “https://0.0.0.1” in the address bar. The effect only appeared on the Windows platform. Analysis of the situation showed that tabs appear when trying to launch another copy of Firefox from the command line when Firefox is already running. Users who are experiencing this problem, unless they have run new copies of Firefox themselves, are advised to check their systems with antivirus software, as such activity may be the result of malware.
The appearance of a tab with the address “https://0.0.0.1” is caused by an error in the “Application Launch Prefetcher” handler. In the Firefox 125 branch, when launching an additional process, the nsWinRemoteClient::SendCommandLine method is used with the addition of the “/prefetch:1” option to the command line, which is converted to “-prefetch 1” during parameter parsing. In the future, the “-prefetch” parameter is ignored, and the remaining one is perceived as the URL to open (equivalent to running “firefox.exe 1”), which leads to an attempt to open the site “https://0.0.0.1”.
Source: opennet.ru