Hi again DavidR,
Given how your system is currently configured, it makes sense that you aren't running into the "canceled Firefox downloads due to windows security policy settings" issue. In order to see it with Firefox 4, scanWhenDone must be set to its default of true and the site you are downloading the exe from must be one for which the Windows Internet Option "Launching applications and unsafe files" is disabled. IOW, you would have to attempt to replicate it to replicate it. Which isn't worth the time unless one wanted to test Avast in some way.
Once upon a time I thought having the browser be AV-aware made some sense, as I believed at the time there might be scenarios where something downloaded could be acted upon by the browser before the AV program would normally catch it. One potential example being the downloading of active content (such as javascript, java, ...) via HTTPS where said content is parsed/executed by the browser as it is downloaded rather than after it has been [fully] written to the filesystem and fully scanned by the AV program's filesystem hooks. Theoretically at least, a browser (or extension/plugin, etc) doesn't HAVE to write some content to the filesystem at all... it could simply retrieve it into memory (via an encrypted connection which can't be scanned by ordinary proxies). In which case, it would seem advantageous for the browser to be able to explicitly invoke an AV scan of that content via special AV interface.
I don't know whether the potential attack vector described applies to modern browsers and AV programs... or directly relates to the scanWhenDone setting... but figured I'd mention it and see what you and others think.