GitPedia
Home/HorlogeSkynet/thunderbird-user.js/Changelog
HorlogeSkynet

HorlogeSkynet/thunderbird-user.js

Thunderbird privacy, security and anti-fingerprinting: a comprehensive user.js template for configuration and hardening

29 Releases
Latest: 7mo ago
v140.2Latest
HorlogeSkynetHorlogeSkynetΒ·7mo agoΒ·November 8, 2025
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 140 ESR.
  • ---

✨ Added

  • Disables `javascript.options.native_regexp` (see #67)

πŸ“‹ Changed

  • Arkenfox [v140.0...v140.1](https://github.com/arkenfox/user.js/compare/140.0...140.1) migration
  • (i.e. re-enables browsing and downloads history, see arkenfox/user.js#1974)
  • Prevents `calendar.timezone.local` from being remapped to `Etc/UTC` (see #69)
  • Resets `mailnews.display.date_senders_timezone` (9124) to show sender's TZ (see #69)
v140.1
HorlogeSkynetHorlogeSkynetΒ·8mo agoΒ·September 28, 2025
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 140 ESR.
  • ---

πŸ“‹ Changed

  • Explicitly disables system timezone detection (9312) (see #69)
v140.0
HorlogeSkynetHorlogeSkynetΒ·8mo agoΒ·September 28, 2025
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 140 ESR.
  • ---

πŸ“‹ Changed

  • Arkenfox v128.0...v140.0 migration (see #65)
  • Enables User-Agent header display in message pane (9121) (see #65)
  • Prevents MUA information leakage through User-Agent header (9126) (see #60)
v128.2
HorlogeSkynetHorlogeSkynetΒ·8mo agoΒ·September 28, 2025
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 128 ESR.
  • ---

πŸ“‹ Changed

  • Enables User-Agent header display in message pane (9121) (see #65)
v128.1
HorlogeSkynetHorlogeSkynetΒ·8mo agoΒ·September 28, 2025
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 128 ESR.
  • ---

πŸ“‹ Changed

  • Explicitly disables system timezone detection (9312) (see #69)
  • Prevents MUA information leakage through User-Agent header (9126) (see #60)
v128.0
HorlogeSkynetHorlogeSkynetΒ·1y agoΒ·November 7, 2024
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 128 ESR.
  • ---

✨ Added

  • Mentions RFP breaks mozAddonManager integration (AMO/ATN)
  • Vendors/Adapts Arkenfox updater/prefsCleaner scripts (see https://github.com/HorlogeSkynet/thunderbird-user.js/pull/55)

πŸ“‹ Changed

  • Arkenfox v115.1..v128.0 migration (see #55)
  • Resets `mail.showCondensedAddresses` (9111)
  • Enables project notes (start page) (see https://github.com/HorlogeSkynet/thunderbird-user.js/pull/52)
  • Enables sending HTML emails and "resume from crash" (see https://github.com/HorlogeSkynet/thunderbird-user.js/pull/49)
  • Enforce secure autoconfig and fetching from Exchange (see https://github.com/HorlogeSkynet/thunderbird-user.js/pull/50)
v115.0
HorlogeSkynetHorlogeSkynetΒ·2y agoΒ·November 18, 2023
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 115 ESR.
  • ---

✨ Added

  • `mail.inline_attachments.text`
  • `mail.html_sanitize.drop_conditional_css`
  • `datareporting.policy.dataSubmissionPolicyBypassNotification`

πŸ“‹ Changed

  • Arkenfox v102.1..v115.1 migration

πŸ› Fixed

  • Missing semi-colon in (reset) `mail.rights.version`

πŸ—‘οΈ Removed

  • `intl.fallbackCharsetList.ISO-8859-1`
  • `mailnews.view_default_charset`
  • `mailnews.send_default_charset`
  • `mailnews.reply_in_default_charset`
v102.2
HorlogeSkynetHorlogeSkynetΒ·3y agoΒ·March 6, 2023
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 102 ESR.
  • ---

✨ Added

  • `mail.compose.warned_about_customize_from`
  • Microsoft Office 365 and Yahoo OAuth2 support in [dedicated wiki page](https://github.com/HorlogeSkynet/thunderbird-user.js/wiki/3.1-OAuth2-Users)

πŸ“‹ Changed

  • Reset `signon.rememberSignons`
  • Noted (again !) that `security.cert_pinning.enforcement_level` should be relaxed for first ProtonMail Bridge integration

πŸ—‘οΈ Removed

  • Duplicate `network.cookie.lifetimePolicy`
  • ---
  • Thanks to @atomGit, @giving-sesame and @oleole39 for their time πŸ™
v102.1
HorlogeSkynetHorlogeSkynetΒ·3y agoΒ·October 2, 2022
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 102 ESR.
  • ---

✨ Added

  • `mail.openpgp.remind_encryption_possible`

πŸ“‹ Changed

  • Due to Thunderbird 102 "ETP Strict Mode" lack of support (see #27 and #28), we :
  • Re-enabled FPI ;
  • Re-enabled DNT header ;
  • Restored `network.cookie.cookieBehavior` tweak ;
  • Re-enabled ETP with custom settings (including query parameter stripping) ;
  • Re-dealt with persistent storage-related preferences (`2700`).
  • `mail.biff.alert.show_*` preferences have been reset to their default values (if you need them, add them to your override script)

πŸ—‘οΈ Removed

  • `privacy.userContext.newTabContainerOnLeftClick.enabled` (unimplemented)
  • ---
  • Thanks to @atomGit for their recommendations πŸ™
v102.0
HorlogeSkynetHorlogeSkynetΒ·3y agoΒ·September 28, 2022
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 102 ESR.
  • ---

✨ Added

  • `app.use_without_mail_account`
  • `mailnews.message_display.disable_remote_image`
  • `mail.compose.add_link_preview`
  • `mail.compose.warn_public_recipients.*`
  • `mail.biff.use_new_count_in_badge`
  • `mail.biff.show_alert` & `mail.biff.alert.show_*`
  • `calendar.extract.service.enabled`

πŸ“‹ Changed

  • Apply (upstream) Arkenfox v78..v91 upstream migration
  • Removes unnecessary leading spaces in some documentation lines
  • Migrate to `mail.default_send_format` to send plaintext email (v101)

πŸ—‘οΈ Removed

  • Cleans outdated `0300` section documentation (related to auto-install)
  • Gets rid of `mail.calendar-integration.opt-out` & `calendar.useragent.extra`
  • ---
  • Thanks to @Dupond for reviewing/testing this version πŸ™
v91.2
HorlogeSkynetHorlogeSkynetΒ·3y agoΒ·August 24, 2022
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 91 ESR.
  • ---

πŸ“‹ Changed

  • Prefer "HTML" literal (uppercased) when used in documentation
  • Improve `permissions.memory_only` preference documentation (see #23)
  • Move (and reset) `mail.tabs.autoHide` from `9110` to `9000` (personal section) (see #21 and #25)
  • ---
  • Thanks to @demided (@ghost) and @jakeafoster for their time !
v91.1
HorlogeSkynetHorlogeSkynetΒ·4y agoΒ·May 25, 2022
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 91 ESR.
  • ---

✨ Added

  • Enforce `mail.suppress_content_language` preference (see #19)
  • Enforce `mail.sanitize_date_header` preference (see #19)
  • Mention `mail.compose.other.header` preference (see #19)
  • Note that an empty User-Agent may break Microsoft Exchange OAuth2 for non-RFP (see #19)

πŸ“‹ Changed

  • Bump `actions/checkout` and `actions/setup-node` to v3
  • ---
  • Thanks to @giving-sesame for their suggestions !
v78.2
HorlogeSkynetHorlogeSkynetΒ·4y agoΒ·May 24, 2022
GitHub

πŸ“‹ What's Changed

  • > This release addresses Thunderbird 78 ESR.
  • ---

✨ Added

  • Enforce `mail.suppress_content_language` preference (see #19)
  • Enforce `mail.sanitize_date_header` preference (see #19)
  • ---
  • Thanks to @giving-sesame for their suggestions !
v91v91.0
HorlogeSkynetHorlogeSkynetΒ·4y agoΒ·April 18, 2022
GitHub

πŸ“‹ What's Changed

  • > This release addresses the v91 (ESR) Thunderbird stable branch.
  • ---
  • > ⚠️
  • > Due to upstream sections "namespace" changes, mail-related preferences sections have been shifted from `6000 / 6100 / 6200 / 6300` to `9100 / 9200 / 9300 / 9400`.
  • > You are advised to reinstall from scratch the template and append your preferences overrides on top of it.
  • > ⚠️
  • ---

πŸ’₯ Breaking

  • Move mail-related preferences sections from `6XXX` to `9XXX`
  • Disable very buggy `mail.password_protect_local_cache` preference
  • Show a prompt when opening a link in external applications (hardening)

✨ Added

  • Apply (upstream) Arkenfox `v78..v91` upstream migration
  • `mail.phishing.detection.*` preferences
  • `security.osclientcerts.autoload` preference
  • `mail.biff.show_badge` new preference (TB >= v91.0.2)

πŸ“‹ Changed

  • `[SETTING]` tags global cleanup
  • Enforce `mail.phishing.detection.*` preferences
  • Enable `mailnews.sendformat.auto_downgrade` preference
  • Higher `mail.compose.big_attachments.threshold_kb` to 9220KB
  • Hide sensitive information from chat desktop notifications (when enabled)

πŸ—‘οΈ Removed

  • Autocrypt and Enigmail addons related preferences
  • `permissions.default.*` preferences (missing from TB)
  • `mail.cloud_files.inserted_urls.footer.link` dropped preference
  • `toolkit.telemetry.prompted` (apparently dropped) preference
v78.1
HorlogeSkynetHorlogeSkynetΒ·4y agoΒ·December 14, 2021
GitHub

> Fix release addressing the v78 Thunderbird stable branch. :bug: :lock: Fix an issue causing `privacy.sanitize.sanitizeOnShutdown` to be ignored :lipstick: Don't clear `mail.collect_addressbook` pref (feature already disabled) --- Thanks to @atomGit for pointing those out :pray:

v78v78.0
HorlogeSkynetHorlogeSkynetΒ·4y agoΒ·August 28, 2021
GitHub

> Final release addressing the v78 Thunderbird stable branch. :new: Enforce Arkenfox `v68..v78` changes :lock: Add some new hardening :lock: Prevent some system settings from leaking in reply header :writing_hand: Send emails in plain text by default :no_mouth: Hide `about:rights` notification for fresh profiles

v78-beta6Pre-release
HorlogeSkynetHorlogeSkynetΒ·5y agoΒ·November 23, 2020
GitHub

> This tag addresses the v78 Thunderbird branch. > As always, test and feedback will be very appreciated. :bug: Re-enable `dom.IntersectionObserver.enabled` by default as it may break error console (see #13)

v78-beta5Pre-release
HorlogeSkynetHorlogeSkynetΒ·5y agoΒ·November 12, 2020
GitHub

> This tag addresses the v78 Thunderbird branch. > As always, test and feedback will be very appreciated. :new: Some more hardening from [12bytes.org](https://12bytes.org/articles/tech/the-thunderbird-privacy-guide-for-dummies) related project :new: For fresh profiles, hide `about:rights` notification :bug: (Re-)disable some previously (un)commented-out options related to RSS feeds (see [v78-beta2](https://github.com/HorlogeSkynet/thunderbird-user.js/releases/tag/v78-beta2)) :memo: Proper GitHub templates for issues and pull request

v78-beta4Pre-release
HorlogeSkynetHorlogeSkynetΒ·5y agoΒ·November 8, 2020
GitHub

> This tag addresses the v78 Thunderbird branch. > As always, test and feedback will be very appreciated. :new: Acorn static linting has been replaced by a tailored ESLint one (see #11 for underlying purposes) :new: Add very basic CardBook (optional) privacy hardening (see also upcoming #12) :bug: Remove old UX features that seem not to be available anymore :new: When master password is set, enable (poor) application protection for locally cached emails (intimate relationship threat)

v78-beta3Pre-release
HorlogeSkynetHorlogeSkynetΒ·5y agoΒ·November 4, 2020
GitHub

> This tag addresses the v78 Thunderbird branch. > As always, test and feedback will be very appreciated. :bug: Fixes missing semicolons for new `mail.instrumentation.*` preferences (thanks to @wickedsp1d3r :bow:) :new: Limits some information (such as locale) leakage in reply header

v78-beta2Pre-release
HorlogeSkynetHorlogeSkynetΒ·5y agoΒ·November 3, 2020
GitHub

> This tag addresses the v78 Thunderbird branch. > As always, test and feedback will be very appreciated. :art: Fixes some blemishes :bug: Fixes wrong value type set for `mail.collect_addressbook` :new: Enables some previously commented-out options related to RSS feeds :new: Incorporates some hardening from CHEF-KOCH/TBCK (abandoned?) project (52d0864e) :new: New referenced related project !

v78-beta1Pre-release
HorlogeSkynetHorlogeSkynetΒ·5y agoΒ·November 1, 2020
GitHub

> This tag addresses the v78 Thunderbird branch. > As always, test and feedback will be very appreciated. :new: Arkenfox v68..v78 changes have been applied (minus some options missing from Thunderbird code base) :lock: Options from section `2500` (hardware fingerprinting) have been widely disabled :boom: Prefer sending emails with plain text content by default (the Earth thanks you :heart: :evergreen_tree:) :boom: Account provisioning from "partner providers" has been disabled

v68v68.0
HorlogeSkynetHorlogeSkynetΒ·5y agoΒ·October 31, 2020
GitHub

πŸ“‹ Changes

  • Migration from gHacks to Arkenfox has been applied to metadata, various pointer links as long as Wiki references. For further information, please refer to <arkenfox/user.js#1009>.
v68-beta5Pre-release
HorlogeSkynetHorlogeSkynetΒ·6y agoΒ·May 1, 2020
GitHub

πŸ“‹ Changes

  • `mailnews.use_received_date` got a wrong type, and setting it by default made the corresponding documentation inaccurate : this has been fixed
  • Sorry for the notification about a `v68` : my fingers snapped :roll_eyes:
v68-beta4Pre-release
HorlogeSkynetHorlogeSkynetΒ·6y agoΒ·April 16, 2020
GitHub

πŸ“‹ Changes

  • Disables Mozilla telemetry prompt for fresh installs (c57ead1b7629d816282c6a9c208343931ebcaaf4)
  • Adds a note about certificate pinning enforcement and ProtonMail's Bridge integration (3ce96df737801dd099d94a3814624aa18c459c6b)
v68-beta3Pre-release
HorlogeSkynetHorlogeSkynetΒ·6y agoΒ·March 23, 2020
GitHub

πŸ“‹ Changes

  • Improves documentation (#8)
  • Improves default template preferences (#9)
  • Improves installation instructions (#8)
  • An `updater.sh`Β script is on its way (maybe) (ghacksuserjs/ghacks-user.js#910)
v68-beta2Pre-release
HorlogeSkynetHorlogeSkynetΒ·6y agoΒ·November 30, 2019
GitHub

Some new preferences proposed by @atomGit. Details : <https://github.com/HorlogeSkynet/thunderbird-user.js/commit/d51c67fc70e9d145d64154f61c6af5c0c0eec2db>.

v60
HorlogeSkynetHorlogeSkynetΒ·6y agoΒ·November 24, 2019
GitHub

A first release just after @dngray ownership transfer and **before** any changes. This version should address the v60.X Thunderbird branch.

v68-beta1Pre-release
HorlogeSkynetHorlogeSkynetΒ·6y agoΒ·November 24, 2019
GitHub

First beta version for the v68 branch of Thunderbird. This consists mainly in the port of v65-to-v68 changes from the gHacks-User.JS script for Firefox. Any comment or improvement would be very welcome !

← Back to thunderbird-user.js wiki