Fixes CVE-2024-11697 (Improper Keypress Handling in Executable File Confirmation Dialog) Copied from
# HG changeset patch
# User Gijs Kruitbosch
# Date 1731505009 0
# Node ID 936e95e3b008cb9bcccd1512332b45757a4bb7f6
# Parent fbed98e3e9cdc2f99af7a2a14f7184f51fe07d8e
Bug 1842187 a=dmeehan
Original Revision: https://phabricator.services.mozilla.com/D223948
Differential Revision: https://phabricator.services.mozilla.com/D228631
diff --git a/toolkit/components/downloads/DownloadUIHelper.sys.mjs b/toolkit/components/downloads/DownloadUIHelper.sys.mjs
--- a/toolkit/components/downloads/DownloadUIHelper.sys.mjs
+++ b/toolkit/components/downloads/DownloadUIHelper.sys.mjs
@@ -166,17 +166,20 @@ DownloadPrompter.prototype = {
 const title = lazy.l10n.formatValueSync(
 "download-ui-file-executable-security-warning-title"
 );
 const message = lazy.l10n.formatValueSync(
 "download-ui-file-executable-security-warning",
 { executable: PathUtils.filename(path) }
 );
- return this._prompter.confirm(title, message);
+ let flags =
+ Ci.nsIPrompt.BUTTON_DELAY_ENABLE | Ci.nsIPrompt.STD_OK_CANCEL_BUTTONS;
+ let nulls = Array(4).fill(null);
+ return 0 == this._prompter.confirmEx(title, message, flags, ...nulls, {});
 },
 /**
 * Displays a warning message box that informs that there are active
 * downloads, and asks whether the user wants to cancel them or not.
 *
 * @param aDownloadsCount
 * The current downloads count.
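Review bot: The added `confirmEx` call appears to carry the whole fix in `Ci.nsIPrompt.BUTTON_DELAY_ENABLE`, yet nothing on the `let flags =` lines says so, so a later cleanup back to the simpler `confirm()` would silently drop the protection against a keypress landing on the prompt as it opens. A comment above `flags` such as `// Security: delay enabling the buttons so an in-flight keypress cannot accept the executable-launch prompt (bug 1842187).` would pin the intent. The `...nulls` spread also hides which positional arguments are skipped (presumably the three button titles and the checkbox message, with `{}` as the checkbox out-value), which deserves a short comment, and `0 == …` would read better as `… === 0`. With `STD_OK_CANCEL_BUTTONS` and no default-button flag, OK appears to remain the default button; whether `Ci.nsIPrompt.BUTTON_POS_1_DEFAULT` should be OR-ed in so that Enter lands on Cancel is worth deciding explicitly. The enclosing method begins above the hunk, so its earlier guards are not visible here.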