MFSA-2020-0003: Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. Fixed in 78.0.2.
This seems to have only affected non-stable versions. Fixed in tree now.