Mozilla rolls out protection measures to block code injection attacks in the Firefox web browser. The attack surface being reduced by removing eval()-like functions and inline scripts occurrences. Mozilla rewrote all inline event handler and moved inline JavaScript code to packaged files for all Firefox about:pages. Mozilla also discovered calls to eval() outside the Firefox codebase while working on removing all eval() functions. Mozilla says that the browser will disable the “blocking mechanism and allow usage of eval()”” to allow users to customize their Firefox experience.”
Source: https://www.bleepingcomputer.com/news/security/mozilla-rolls-out-code-injection-attack-protection-in-firefox/