CVE-2020-15648
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2. Date published : 2020-08-10 https://bugzilla.mozilla.org/show_bug.cgi?id=1644076