consider blocking remote jar files at Low Security
Mozilla recently blocked remote jar files by default:
Then they had to re-enable the remote jar files again in the release, because users of IBM iNotes (some sort of webmail thing) ran into an incompatibility.
In any case, Mozilla's intention is to block by default again in the future. So when that happens, if not sooner, we should ensure that our security slider is not re-enabling remote jar files at Low Security.