Comment 0 for bug 1477432

Browser open *.http objects instead of download them.

XSS flaws occur when an application includes user supplied data in a page sent to the browser without properly validating or escaping that content
Cross-Site Scripting attacks are a type of injection attack, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

Affected URL:
/horizon/project/containers/

Fix: browser should download but not open *.http objects