Mozilla Firefox 79, Mozilla Firefox ESR 78.1 and Mozilla Thunderbird 78.1: Mozilla developer Anne van Kesteren discovered that iframe sandbox with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content.