CHEF-KOCH's Microblog ✨

Mozilla Thunderbird user.js hardening

Mozilla Thunderbird 102.1.2

Same like the Firefox version, Thunderbird can be hardened via user.js. I update it for each new stable version.

I suggest only using uBlock with Thunderbird and that is it. Other extensions are more for usability or they are getting merged over time directly into Thunderbird.

You can add some additional add-ons to expand some features that Thunderbird already offers but less is more and Thunderbird add-ons are in general less often updated than Firefox based ones. They are often outdated, not working with the latest Thunderbird version and maintaining them still seems to be a problem.

This version removes and reduces eMail to the essential, means plain text emails only and absolute no scripting within eMails are allowed.

All entries are alphabetically sorted.

user_pref("_user.js.cktn", "maxprotect_20220729");

user_pref("beacon.enabled", false);
user_pref("browser.cache.disk.enable", false);
user_pref("browser.cache.offline.enable", false);
user_pref("browser.chrome.favicons", false);
user_pref("browser.chrome.site_icons", false);
user_pref("browser.display.use_document_fonts", 0);
user_pref("browser.formfill.enable", false);
user_pref("browser.region.update.enabled", false);
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "");
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);
user_pref("browser.urlbar.update2.engineAliasRefresh", true);
user_pref("chat.prpls.prpl-matrix.disable", false);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("dom.security.https_first", true);
user_pref("dom.security.https_only_mode", true);
user_pref("dom.security.unexpected_system_load_telemetry_enabled", false);
user_pref("dom.script_loader.bytecode_cache.enabled", false);
user_pref("extensions.getAddons.cache.enabled", false);
user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
user_pref("extensions.ui.lastCategory", "addons://list/extension");
user_pref("general.useragent.override", "");
user_pref("gfx.downloadable_fonts.disable_cache", true);
user_pref("gfx.downloadable_fonts.enabled", false);
user_pref("gfx.font_rendering.opentype_svg.enabled", false);
user_pref("javascript.enabled", false);
user_pref("javascript.options.asmjs", false);
user_pref("javascript.options.native_regexp", false);
user_pref("javascript.options.wasm", false);
user_pref("layout.css.font-loading-api.enabled", false);
user_pref("layout.css.visited_links_enabled", false);
user_pref("ldap_2.servers.outlook.dirType", false);
user_pref("mail.chat.enabled", false);
user_pref("mail.cloud_files.enabled", false);
user_pref("mail.collect_addressbook", "jsaddrbook://history.sqlite");
user_pref("mail.collect_email_address_outgoing", false);
user_pref("mail.compose.big_attachments.notify", false);
user_pref("mail.compose.other.header", "X-Custom-Header,X-Another-Custom-Header");
user_pref("mail.default_html_action", 1);
user_pref("mail.html_compose", false);
user_pref("mail.html_sanitize.drop_conditional_css", true);
user_pref("mail.identity.default.compose_html", false);
user_pref("mail.inline_attachments", false);
user_pref("mail.inline_attachments.text", true);
user_pref("mail.openpgp.allow_external_gnupg", true);
user_pref("mail.phishing.detection.disallow_form_actions", true);
user_pref("mail.phishing.detection.enabled", true);
user_pref("mail.phishing.detection.ipaddresses", true);
user_pref("mail.phishing.detection.mismatched_hosts", true);
user_pref("mail.sanitize_date_header", true);
user_pref("mail.showCondensedAddresses", false);
user_pref("mail.smtpserver.default.hello_argument", "[127.0.0.1]");
user_pref("mail.strictly_mime", true);
user_pref("mail.suppress_content_language", true);
user_pref("mail.tabs.autoHide", true);
user_pref("mail.ui.display.dateformat.thisweek", 4);
user_pref("mailnews.auto_config.fetchFromExchange.enabled", false);
user_pref("mailnews.auto_config.fetchFromISP.sendEmailAddress", false);
user_pref("mailnews.auto_config.fetchFromISP.sslOnly", true);
user_pref("mailnews.auto_config.guess.sslOnly", true);
user_pref("mailnews.display.date_senders_timezone", true);
user_pref("mailnews.display.disallow_mime_handlers", 3);
user_pref("mailnews.display.html_as", 1);
user_pref("mailnews.display.prefer_plaintext", true);
user_pref("mailnews.display.show_all_body_parts_menu", true);
user_pref("mailnews.headers.showSender", true);
user_pref("mailnews.headers.showUserAgent", true);
user_pref("mailnews.messageid_browser.url", "[127.0.0.1]");
user_pref("mailnews.send_plaintext_flowed", true);
user_pref("mailnews.start_page.enabled", false);
user_pref("mailnews.wraplength", 0);
user_pref("media.autoplay.block-event.enabled", true);
user_pref("media.autoplay.block-webaudio", true);
user_pref("media.ffmpeg.vaapi-drm-display.enabled", false);
user_pref("media.getusermedia.screensharing.enabled", false);
user_pref("media.hardware-video-decoding.enabled", false);
user_pref("media.navigator.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.video_stats.enabled", false);
user_pref("network.IDN_show_punycode", true);
user_pref("network.connectivity-service.enabled", false);
user_pref("network.cookie.cookieBehavior", 2);
user_pref("network.dns.disablePrefetch", true);
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("network.http.sendRefererHeader", 0);
user_pref("network.http.speculative-parallel-limit", 0);
user_pref("network.prefetch-next", false);
user_pref("network.proxy.failover_direct", false);
user_pref("network.trr.confirmation_telemetry_enabled", false);
user_pref("pdfjs.enableScripting", false);
user_pref("permissions.default.image", 2);
user_pref("privacy.antitracking.testing", true);
user_pref("privacy.donottrackheader.enabled", false);
user_pref("privacy.firstparty.isolate", true);
user_pref("privacy.firstparty.isolate.block_post_message", true);
user_pref("privacy.query_stripping.enabled", true);
user_pref("privacy.query_stripping.strip_list", "[__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid utm_campaign utm_channel utm_cid utm_content utm_id utm_medium utm_name utm_place utm_pubreferrer utm_reader utm_referrer utm_serial utm_social utm_social-type utm_source utm_swu utm_term utm_keyword utm_userid utm_viz_id utm_product utm_campaignid utm_ad utm_brand utm_emcid utm_emmid utm_umguk]");
user_pref("privacy.trackingprotection.cryptomining.enabled", true);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.socialtracking.enabled", true);
user_pref("privacy.userContext.enabled", true);
user_pref("rss.display.disallow_mime_handlers", 3);
user_pref("rss.display.html_as", 1);
user_pref("rss.display.prefer_plaintext", true);
user_pref("rss.show.content-base", 1);
user_pref("security.cert_pinning.enforcement_level", 2);
user_pref("security.family_safety.mode", 0);
user_pref("security.mixed_content.block_active_content", true);
user_pref("security.mixed_content.upgrade_display_content", true);
user_pref("security.remote_settings.crlite_filters.enabled", true);
user_pref("security.ssl.require_safe_negotiation", true);
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
user_pref("security.ssl3.rsa_aes_128_sha", false);
user_pref("security.ssl3.rsa_aes_256_sha", false);
user_pref("security.ssl3.rsa_des_ede3_sha", false);
user_pref("security.tls.enable_0rtt_data", false);
user_pref("services.settings.server", "[127.0.0.1]");
user_pref("toolkit.coverage.endpoint.base", "");
user_pref("toolkit.coverage.opt-out", true);
user_pref("toolkit.datacollection.infoURL", "[127.0.0.1]");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.brhPing.enabled", false);
user_pref("toolkit.telemetry.coverage.opt-out", true);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.server", "[127.0.0.1]");
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);

#hardening #userjs #mozilla #thunderbird

- 3 toasts