The following issue was reported to us from Manuel Reimer: https://bugs.freedesktop.org/show_bug.cgi?id=19377 The basic summary, is that xdg-open detects the file mime type, and Firefox gets its mime type from the server. That means that a malicious site could trick a user into thinking they are downloading a PDF file, but could be treated differently by xdg-open.
*** This bug has been marked as a duplicate of bug 479010 ***