Comment 1 for bug 506702

The major thing to look for is .desktop files that trigger off of MimeTypes, yet actually run the target file. For example /usr/share/applications/openjdk-6-java.desktop:

...
Exec=/usr/lib/jvm/java-6-openjdk/bin/java -jar
...
MimeType=application/x-java-archive;application/java-archive;application/x-jar;

This leads to executing the JAR file, even when it lacks the execute bit.