This is barely a DoS, but since Chrome has explicit protection against it, we decided to disclose it.
If firefox user visits a specially crafted page, then firefox
may create many files in ~/Downloads, The user is
notified about this in a small dialog, but there is no option to
stop the downloads. The potential denial of service is that the
user must manually delete the created files and this might be
PITA.
Technically about the PoC: create non-empty file
xml.doc. To force download, add to the page
iframe src="xml.doc". To force creation of new files,
add body onload="location.reload()" (there are several
other options about this).
To out surprise, Chrome is safe from this and it distinguishes manual download from automated download and this might be because it is aware about this DoS.
Affected: firefox 117 on GNU/Linux and reportedly on Windows. Not Affected: firefox on android, Chrome, lynx.