$OpenBSD$

index d190973..6fcdac8 100644
--- modules/libjar/nsJARChannel.cpp.orig	Fri Feb 20 15:40:37 2015
+++ modules/libjar/nsJARChannel.cpp	Fri Feb 20 15:40:37 2015
@@ -764,6 +764,12 @@ nsJARChannel::AsyncOpen(nsIStreamListener *listener, nsISupports *ctx)
     if (NS_FAILED(rv))
         return rv;
 
+    // Check preferences to see if all remote jar support should be disabled
+    if (!mJarFile && Preferences::GetBool("network.jar.block-remote-files", true)) {
+        mIsUnsafe = true;
+        return NS_ERROR_UNSAFE_CONTENT_TYPE;
+    }
+
     // These variables must only be set if we're going to trigger an
     // OnStartRequest, either from AsyncRead or OnDownloadComplete.
     // 
@@ -898,6 +904,13 @@ nsJARChannel::OnDownloadComplete(nsIDownloader *downloader,
         mContentDisposition = NS_GetContentDispositionFromHeader(mContentDispositionHeader, this);
     }
 
+    // This is a defense-in-depth check for the preferences to see if all remote jar
+    // support should be disabled. This check may not be needed.
+    if (Preferences::GetBool("network.jar.block-remote-files", true)) {
+        mIsUnsafe = true;
+        status = NS_ERROR_UNSAFE_CONTENT_TYPE;
+    }
+
     if (NS_SUCCEEDED(status) && mIsUnsafe &&
         !Preferences::GetBool("network.jar.open-unsafe-types", false)) {
         status = NS_ERROR_UNSAFE_CONTENT_TYPE;