2026.01.21.1

Phoenix 2026.01.21.1

---

NOTE FOR DESKTOP USERS: To allow for easier maintenance and updates, Phoenix's uBlock Origin assets have been moved to a separate, dedicated assets repository. While your uBlock Origin configuration should continue to work as expected, to avoid any potential issues/disruptions in the future, after updating to this Phoenix release, please complete the following steps to ensure your configuration is properly migrated:

• Towards the bottom of the Settings tab of uBlock Origin's dashboard, select Back-up to file..., and save a back-up of your uBlock Origin data.
• At the very bottom of the page, select Reset to default settings.... uBlock Origin's dashboard should close, and you should see uBlock Origin's icon turn yellow.
• Once uBlock Origin's icon returns to red, navigate back to the Settings tab of uBlock Origin's dashboard, and select Restore from file... (towards the bottom). Choose the back-up you created from the first step.

Additionally, regardless of whether you complete this migration or not at this time (you should), please also ensure that the Phoenix filters lists are still enabled under the Built-in section from within the Filter lists tab of uBlock Origin's dashboard. If you see duplicates of the Phoenix filter lists at the bottom of the Filter lists tab, please remove them.

Apologies for any inconvenience here, and appreciate your time and patience.

---

Changes

• Disabled RTP Control Protocol (RTCP) reception by default.
• Enabled Local Network Restrictions for top-level documents and for requests targetting the local device from the local network.
• Enabled multi-threaded media decoding and encoding by default.
• Implemented a proxy for Google Safe Browsing's remote download protection functionality.
  • The feature is still disabled by default (controlled with the browser.safebrowsing.downloads.remote.enabled preference), as it results in sending metadata of downloaded files to Google - but this improves the privacy for users who desire extra protection (at the cost of privacy) and wish to enable it.
• Updated the URL query parameter stripping list.
• Disabled and deregistered the new Glean add-on ping scheduler.

Android-only

• Enabled hardware/platform media decoding and encoding (1, 2) by default to improve performance and to fix media playback issues when isolated content processes are enabled.

Desktop-only

• Fixed an issue that prevented creation of profiles in some instances.
• Fixed an issue that prevented aliases for Phoenix's custom search engines from working correctly.
  • Thanks to degausser! 💜
• Fixed an issue that prevented bookmark URL suggestions from appearing in many cases.
  • Thanks to degausser! 💜
• Prevented the browser window from closing when all tabs are closed by default.
• Strengthened the content process sandbox for Windows users
  • Thanks to any1here! 💜
• Strengthened socket process sandboxing for Linux users
  • Thanks to any1here! 💜
• Added new preferences to no-op Mozilla's new tab attribution feature.

Specialized Configs

Element

• Re-enabled clipboard events, as it's required for pasting text.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.12.23.1

---

Changes

• Blocked permission prompts to access MIDI devices by default.
• Disabled the WebExtensions AI API (Details).
• Disabled the Windows UI Automation API.
• Enabled hardware acceleration for PDF.js by default to improve performance.
• Enabled optimized partial rendering for PDF.js by default to improve performance (Details).
• Forced WebGL to be loaded out of process to improve security.
• Re-enabled Trusted Types by default.
  • We used to enable this by default a while back, but we stopped due to bugs found with the implementation. Thankfully, this feature has now matured a lot, and the previously encountered bugs no longer appear to be a problem.
• Other minor tweaks, adjustments, and fixes.

Android-only

• Disabled the Firefox "AI" (Local machine learning) Runtime by default.
  • We keep this enabled on desktop for the time-being, as it's required for certain legitimate functionality there (PDF.js alt text image generation), and we still don't enable/install any AI models/functionality on desktop by default. But, this legitimate functionality isn't currently implemented/relevant to Android, so there's no reason not to disable it entirely here.
• Fixed an issue with BankID authentication for certain websites.
• Fixed an issue with Obtainium app installation.

Desktop-only

• Disabled import of Mozilla's default bookmarks via prefs (in addition to how we currently handle it with policies).
• Disabled the prompt/nag for users to enable the AI Link Preview (key points) feature.
• Hid the UI toggle to enable the AI Link Preview (key points) feature at about:preferences#general.
• Reduced the amount of items stored in the browser console's input history by default.
• Prevented browser console queries/searches and recent selections from persisting across browser restarts.
• Updated the Merino OHTTP endpoints.

Specialized Configs

• Disabled clipboard events by default (but re-enabled for certain configs to avoid breakage, like Discord).
• Disabled history swipe animations.
• Disabled screensharing by default (but re-enabled in certain configs to avoid breakage, like Discord and Element).
• Disabled tab warming.
• Disabled update of zoom level for background tabs.
• Enabled audio focus mangement by default, as it prevents multiple tabs from playing audio at the same time.
• Enabled Local Network Access Restrictions for top-level domains.
• Enabled suspension of inactive/background tabs.
• Increased session history to restore functionality of the back/forward buttons.
• Instead of relaxing site permissions globally for specialized configs, we now include custom default permissions files to relax permissions only for the config's corresponding site(s).
  • (Ex. for the Apple Maps config, instead of re-enabling geolocation prompts globally, we only allow maps.apple.com to prompt to use geolocation).
• Prevented the browser from attempting to resume background video playback upon tab hover.
• Re-enabled containers by default, as disabling them (and even re-enabling them after) appears to have caused strange data loss issues in the Discord specialized config, and, in general, it just wasn't necessary to disable them.
• Re-enabled the download panel (Though it's still hidden until a file is actually downloaded).
• Set cookies and site data to clear on exit by default (except for the Element config).
  • Using the new custom default permissions files detailed above, we still set prevent clearing data for the specialized configs' corresponding site(s) by default.

Discord:

• Re-enabled origin headers for same-origin requests to fix an issue with file uploads.

Photopea:

• Re-enabled tooltips by default.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.11.27.1

---

Changes

• Blocked privileged about: pages from loading remote scripts.
• Disabled fetching Firefox Relay's denylist by default.
• Disabled Native Messaging by default (Details).
  • To re-enable it, at the cost of privacy and security, you can set the following prefs:
    • webextensions.native-messaging.max-input-message-bytes -> 1048576
    • webextensions.native-messaging.max-output-message-bytes -> 999999999
• Disabled semantic history by default.
• Hardened protocol handling.
• Set the browser's region to a dummy value (XX), instead of US. This is beneficial as it ensures that certain functionality (such as Firefox Suggest and Mozilla's DoH rollout) are disabled by default, allows us to disable features like Firefox Suggest by default without locking them, and in general, ensures we aren't impacted by unwanted geo targetting.
• Other minor tweaks and adjustments.

Desktop-only

• Disabled Firefox's new Unified Trust Panel by default, as it prevents setting per-site exceptions for the built-in cookie banner blocker.
• Disabled new tab attribution.
• Disabled Sports URL bar suggestions by default.
• For macOS and Windows: [Enabled the ability to warn users upon potentially misconfigured/problematic settings at about:preferences#privacy](https://codeberg.org/celenity/Phoenix/commit/d937b0010f092a88726cf4b1c7958b7a156ac262). (On Linux, this currently breaks about:preferences#privacy).
• For Windows: Disabled taskbar lists by default.
• Leveraged new profile-related preferences to disable the Firefox Messaging System.
• Removed the DisableProfileImport policy.
• Removed the DisplayBookmarksToolbar policy (We still always display the bookmarks toolbar by default though, just with the pref instead).
• Removed DNS0 from the list of default DNS over HTTPS providers, due to its unfortunate discontinuation.
• Removed the Mullvad Leta search engine, due to its unfortunate discontinuation.
• Updated preferences to disable IP Protection (Mozilla VPN) by default.

Specialized Configs

This release includes significant improvements for Phoenix's handling of specialized configs. Browser functionality and UI have been minimized, in order to make using them as close to using a native app as possible. This section will not be exhaustive, but will do it's best to cover the notable changes.

• Disabled add-on abuse reporting.
• Disabled the bookmark edit dialog.
• Disabled the bookmarks toolbar.
• Disabled camera permission prompts (except for the Discord and Element configs, where users may wish to allow them).
• Disable the Close duplicate tabs context menu item.
• Disabled the download panel.
• Disabled favicons.
• Disabled file picker dialogs (except for the Discord, Element, Photopea, and Twitter configs, where they are needed).
• Disabled Firefox Home. The config's corresponding app/service is now loaded immediately (except for on the first launch, to allow uBlock Origin to install).
• Disabled machine learning functionality.
• Disabled microphone permission prompts (except for the Discord, Element, and Twitter configs, where users may wish to allow them).
• Disabled origin headers.
• Disabled Password Manager/Autofill functionality.
• Disabled Picture-in-Picture (except for the Discord, Element, Twitter, and YouTube configs, where they are needed).
• Disabled printing.
• Disabled referers (except for the Twitter config, where they are needed).
• Disabled session restore functionality.
• Disabled the Share URL menu item.
• Disabled support for web applications manifests.
• Disabled tab detachment.
• Disabled tab switching with Ctrl + Tab.
• Disabled Taskbar Tabs (PWAs).
• Disabled text fragments.
• Disabled toolbar keyboard navigation.
• Disabled tooltips.
• Disabled the Unload Tab context menu item.
• Disabled unloading tabs on low memory.
• Disabled URL fix-up.
• Disabled user certificate/key databases.
• Disabled Web Compatibility interventions (except for the YouTube config, where they are needed).
• Disabled warnings on closing tabs and quitting the browser.
• Enabled vertical tabs. In combination with our other changes, this effectively hides the tab bar entirely.
• For Linux and Windows: Disabled the menu bar.
• Hid the UI to automatically delete files downloaded in Private Browsing.
• Introduced a new specialized config for YouTube Music.
• Prevented the browser from trying to open internally-handled attachments.
• Removed the link to download themes.
• Set links to always open in the current tab/browsing window.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.11.07.1

---

Changes

• Disabled Contast Control by default to protect against fingerprinting (See details).
• Enabled the display of More settings on print previews by default.
• Enabled GREASE by default (See details).
• Enabled Local Network Access Restrictions for WebSocket connections (See details).
• Enabled the Page Setup.. menu by default, useful for ex. printing (On desktop, located under File from the menu bar).
• Set the media autoplay blocking policy to transient by default (See details).
• Updated the list of default fingerprinting protection granular overrides.
• Updated the list of restricted domains for extensions.
• Other minor tweaks and adjustments.

Android-only

• Configured CRLite to use all clubcards, instead of just priority revocations, by default.

Desktop-only

• Disabled marketing/attribution/campaign actions on first run.
• Enabled fading of unloaded tabs (even if not explicitly unloaded) in the tab bar by default.
• Enabled Local Network Access Restrictions by default via Mozilla's newly added enterprise policies*(See details)*.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.10.26.1

---

Changes

• Disabled window state restoration by default.
• Enabled display of in-process subframes and thread information at about:processes by default.
• Enabled prompts for unsafe HTTP redirects.
• Enabled WebAssembly Memory Control (when WebAssembly is enabled) by default.
• Removed javascript.options.throw_on_asmjs_validation_failure to prevent breakage when ASM.js is disabled.
• Updated certain performance-related preferences *(Credit to Betterfox).
• Updated the list of default fingerprinting protection granular overrides.
• Updated the list of restricted domains for extensions.
• Other minor tweaks and adjustments.

Desktop-only

• Added a fake/scam/impersonation Tamper monkey extension to the add-on blocklist (See details).
• Added Marginalia as a default/built-in search engine.
• Added the Screenshot button to the toolbar by default (for new profiles).
• Disabled FlightAware (flight status) URL bar suggestions by default.
• Disabled the promotion card for dragging tabs when vertical tabs are enabled.
• Disabled TLS session identifiers, primarily to strengthen protection against detection of Private Browsing.
• Enabled the Anti tracking debug panel by default.
• Enabled important date URL bar suggestions by default (depends on Firefox Suggest).
• Updated preferences to disable Firefox Suggest online suggestions.
• Worked around an upstream bug to disable the Ask AI Chatbot context menu item by default.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.10.12.1

---

Changes

• Added secure-api.pnc.com to the list of restricted domains for extensions.
• Disabled additional Mozilla nags/promotions.
• Disabled shared memory allocation from the parent process to content processes by default.
• Enabled the Safe Browsing V5 API, and configured it to use the IronFox proxy (Currently works on Nightly) *(See details).
• Enforced validation for ASM.js (if ASM.js is enabled).
• Other minor tweaks, fixes, and adjustments.

Desktop-only

• Added BrowsingBloc to the add-on blocklist (See details).
• Configured Mozilla's new GenerativeAI policies to disable Generative AI functionality by default.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.10.03.1

---

Changes

• Enabled the use of Oblivious HTTP (OHTTP) to improve privacy for search suggestions (if search suggestions are enabled) from supported engines (Currently, only Google is supported). - (Details: 1)
• Removed 127.0.0.1 and localhost from the list of quarantined/restricted domains, due to this causing too much friction and requiring users to allow desired add-ons to access all restricted domains, which wouldn't be necessary otherwise. - (Details: 1)
• Removed no longer necessary ETP exception for https://api.transcend.io/privacy/graphql, due to the issue being fixed upstream. - (Details: 1)
• Other minor tweaks, fixes, and adjustments.

Android-only

• Fixed an issue that caused add-on installation to fail in private browsing windows for certain derivatives (ex. IronFox). - (Details: 1)

Desktop-only

• Added the OverridePostUpdatePage policy. - (Details: 1)
• Added a new specialized config for Photopea. - (Details: 1)
• Disabled nags to opt-in to real-time URL bar suggestions. - (Details: 1)
• Disabled real-time Yelp URL bar suggestions. - (Details: 1)
• Disabled the OpenAI/ChatGPT Smart Assist feature. - (Details: 1)
• Disabled stock market (Polygon) URL bar suggestions by default. - (Details: 1)
• Fixed an issue that caused the menu bar to always display, regardless of if the user disabled it. - (Details: 1)
• Removed the discontinued Hugging Chat AI Chatbot provider. - (Details: 1)
• Stopped attempting to enable Firefox Labs to prevent a broken/empty Firefox Labs section from appearing at the bottom of pages at about:preferences (Labs itself also depends on telemetry and studies, which we disable...). - (Details: 1)
• Updated the EnableTrackingProtection policy to include Mozilla's newly added options. - (Details: 1)

Twitter specialized config

• Re-enabled WebAssembly by default to unbreak the E2EE chat feature. - (Details: 1)

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.09.07.1

---

Changes

• Blocked websites from prompting to access apps and services (outside of the browser) on your device by default (Nightly). - (Details: 1)
• browser.cache.disk_cache_ssl is no longer disabled by default, due to it being unnecessary with browser.cache.disk.enable (which we still disable by default). - (Details: 1)
• Disabled Mozilla's Glean (telemetry) redesign/navigation category at about:glean. - (Details: 1)
• Disabled OCSP revocation checks by default, as they are no longer necessary due to advancements with Certificate Transparency and CRLite. - (Details: 1)
• Other minor tweaks, fixes, and adjustments.

Desktop-only

• Added BadBlock Fonts to uBlock Origin (Enabled by default). - (Details: 1)
• Blocked websites from prompting to access local network resources by default (Nightly). - (Details: 1)
• Disabled AI Page Assist by default. - (Details: 1)
• Disabled Firefox Home shortcut personalization. - (Details: 1)
• Disabled Mozilla's new Firefox Home promotion card. - (Details: 1)
• Disabled Mozilla's new VPN/IP Protection promotional widgets. - (Details: 1)
• Enabled a UI setting under Files and Applications -> Downloads at about:preferences#general to enable automatic deletion of files downloaded while under Private Browsing. - (Details: 1)
• Hid the UI setting at about:preferences#general to allow AI to suggest tabs and a name for tab groups by default. - (Details: 1)
• If Firefox Sync is active, disabled avatar/profile fetching (to prevent unwanted/unnecessary network activity). - (Details: 1)
• Prevented exposing the browser locale when navigating to local network access information/support page. - (Details: 1)
• Stopped setting ETP Strict via policies, due to it locking impacted settings, locking the UI to set cookie exceptions per-site, and causing other weird/undesired behavior (We still enforce ETP Strict though via the browser.contentblocking.category pref). - (Details: 1)
• Updated our uBlock Origin config per latest upstream changes. - (Details: 1)

YouTube specialized config

• Pinned YouTube Music to about:home by default. - (Details: 1)

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.08.06.1

---

Changes

• Disabled WASM-Ion JIT instead of WASM-Baseline JIT by default. - (Details: 1)
• Decreased the lifetime of certain content processes. - (Details: 1, 2)
• Enabled the Integrity-Policy header by default. - (Details: 1)
• Required resources loaded by MV2 extensions to be specified under web_accessible_resources in the extension's manifest by default. - (Details: 1)
• Updated the list of quarantined/restricted domains. - (Details: 1)
• Other minor tweaks, fixes, and adjustments.

Android-only

• Blocked websites from prompting to access geolocation by default. - (Details: 1)
• Blocked websites from prompting to display notifications by default. - (Details: 1)
• Increased the number of processes to improve performance and security. - (Details: 1)
• Prevented over-allocation of webCOOP+COEP processes, due to upstream setting an incorrect value for dom.ipc.processCount.webCOOP+COEP. - (Details: 1)
• Updated the list of domains excluded from DNS over HTTPS by default. - (Details: 1, 2, 3, 4)

Desktop-only

• Enabled a toggle to easily configure exceptions for Firefox Translations, located at about:preferences#general, which can be found by navigating to Languages -> Firefox Translations -> Exceptions.... - (Details: 1)

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.07.30.1

---

• Temporarily disabled unconditionally blocking Local Network Access requests, due to breakage of LAN resources (though we still block access for trackers, and block access for websites in general with uBlock Origin).

  See details: https://codeberg.org/celenity/Phoenix/issues/162 + https://codeberg.org/celenity/Phoenix/issues/164 + https://codeberg.org/celenity/Phoenix/commit/07fe3b2a73439acc47624a90f526aebd0b670417

  network.lna.blocking -> false

• Fixed use of the OS geolocation provider on Android, GNU/Linux, and macOS.

  See details: https://codeberg.org/celenity/Phoenix/commit/427347e88323e96997e2e84c9e9cce9afd7b6e77

  geo.provider.use_mls -> false

• ANDROID: Fixed Firefox Translations.

  See details: https://codeberg.org/celenity/Phoenix/commit/0590ae3dff47342af52da8a72300975b2682e069

  extensions.webextensions.base-content-security-policy -> script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests;

• ANDROID: No longer set pdfjs.historyUpdateUrl to true by default, as it's currently broken/doesn't work properly.

  See details: https://codeberg.org/celenity/Phoenix/commit/d8c7f561dfd228217d227ff3ef4d95b4baa577fa

  pdfjs.historyUpdateUrl -> false

• Prevented exposing XPCOM Components.interfaces to websites.

  See details: https://codeberg.org/celenity/Phoenix/commit/b94aedaee24be82c49e75dc251f3d55ce2e3debe

  dom.use_components_shim -> false

• ANDROID: Enabled the Potentially Harmful Application list (when Safe Browsing is enabled).

  See details: https://codeberg.org/celenity/Phoenix/commit/6083b56252a2672fb410f1a6d0420341936f6df2

  urlclassifier.malwareTable -> goog-malware-proto,goog-unwanted-proto,moztest-harmful-simple,moztest-malware-simple,moztest-unwanted-simple,goog-harmful-proto

• Re-enabled the warning when entering fullscreen mode by default (though we still disable the obnoxious delay...).

  See details: https://codeberg.org/celenity/Phoenix/commit/fd0556187aaf90e2347c9230d8401b6e4a53b59e

  full-screen-api.warning.delay -> 500
full-screen-api.warning.timeout -> 3000

• ANDROID: Blocked media autoplay by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/ec799519af8e4f387fd4e2f4b562547f821f6f77

  media.geckoview.autoplay.request.testing -> 2

• Added new preferences to disable/skip Mozilla's Terms of Use.

  See details: https://codeberg.org/celenity/Phoenix/commit/2110f9f7d1e2bbd1e46510aad3a1b190b229a1ef

  termsofuse.acceptedDate -> 32503679999000
termsofuse.acceptedVersion -> 999
termsofuse.bypassNotification -> true

• DESKTOP: Added DNS4EU to the list of built-in DNS over HTTPS resolvers.

  See details: https://codeberg.org/celenity/Phoenix/commit/e9fb2f053e10fd45753e986c516ebcd7cd3cf72b

• DESKTOP: Added Startpage (EU) to the list of default search engines.

  See details: https://codeberg.org/celenity/Phoenix/commit/9d91666328959e814672f1507affad2c70eed582

• DESKTOP: Allowed Remote Settings collections are no longer configured for LibreWolf users.

  See details: https://codeberg.org/celenity/Phoenix/commit/a202fa0b0db8b119237292f5e49d9080fa62d50b

  librewolf.services.settings.allowedCollections ->

• YOUTUBE SPECIALIZED CONFIG: Disabled dynamic rounding of content dimensions/letterboxing by default.

  See details: https://codeberg.org/celenity/Phoenix/commit/366ab84f4d408fbd04cca44d7c40b963cbf22467

  privacy.resistFingerprinting.letterboxing -> false

• Other minor tweaks, fixes, and adjustments.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)