On Firefox 66 and later, in order to avoid DoS-like attacks, external protocol URLs that don’t return any data can no longer be loaded in an
<iframe>. The affected protocols include
mailto that could be used to open an email client, as shown below:
<!-- This kind of URLs will be blocked from now on --> <iframe src="mailto:email@example.com"></iframe> <iframe src="ircs://irc.mozilla.org/firefox"></iframe> <iframe src="itms://itunes.apple.com/us/app/apple-store/id989804926"></iframe>
Regular links like
location.href='mailto:...' will continue working.
Update: This change has been postponed to Firefox 67 so Mozilla developers can deal with site compatibility issues.