SUMMARY When following an attachment link https://bugs.kde.org/attachment.cgi?id=XXXXXX&action=edit there is a frame, which tries to load data from a different subdomain, what seems to be forbidden by frameoptions and results in the error message: Firefox Can’t Open This Page To protect your security, bugsfiles.kde.org will not allow Firefox to display the page if another site has embedded it. To see this page, you need to open it in a new window.
Not ideal that Bugzilla has this functionality, as it means we have to remove that header from bugs.kde.org (and bugsfiles.kde.org in turn). I've now made that change.
I am not sure what headers you had set, but I think the X-Frame-Options (or similar) is quite strict, but you can use CSP with frame-src to selectively allow only some domains. They way you can probably still prevent framing in third-party sites without breaking the frame on bugs.kde.org itself.
This is not fixed and can still be reproduced here: https://bugs.kde.org/attachment.cgi?id=161716&action=edit
Regressed due to browser behaviour changes. Has now been fixed again.