Phoenix 2026.06.10.1

/bin/zsh -c "$(curl --disable --no-netrc --clobber --create-dirs --delegation none --disallow-username-in-url --doh-cert-status --fail --fail-early --junk-session-cookies --no-basic --no-ca-native --no-digest --no-doh-insecure --no-http0.9 --no-insecure --no-negotiate --no-ntlm --no-proxy-basic --no-proxy-ca-native --no-proxy-digest --no-proxy-insecure --no-proxy-negotiate --no-proxy-ssl-auto-client-cert --no-sessionid --no-ssl-auto-client-cert --no-ssl-no-revoke --no-ssl-revoke-best-effort --no-xattr --parallel --post301 --post302 --post303 --progress-meter --proto -all,https --proto-default https --proto-redir -all,https --referer '' --remove-on-error --retry 5 --retry-all-errors --retry-connrefused --show-error --tlsv1.2 --trace-time --user-agent '' --verbose --location https://gitlab.com/celenityy/Phoenix/-/raw/pages/osx/scripts/osx_env_up.sh)"

Changes

• Disabled processing of Qualified Website Authentication Certificates (QWACs).
• Prevented deferral of Local Network Access checks for private IP addresses, to ensure that Local Network Access Restrictions are always/properly applied before connecting.
• Significantly expanded the default list of URL query stripping parameters.
• Disabled persistence of TLS session resumption tokens across restarts by default (Currently on Nightly).
• Enabled per-origin provisioning for DRM (if EME is enabled) by default, for defense in depth.
• Prevented Nimbus from dictating whether address autofill can be used in the browser.
• Disabled Firefox/Gecko Profiler-related functionality and UI.
• Enabled display of hidden/stray "control" characters by default.
• Enabled display of native anonymous content in the DevTools inspector by default.
• Set Firefox to follow the system locale (instead of the Firefox build's default locale) by default.
• Ensured that certain DevTools prefs are properly set across all platforms where applicable.
• Set browser.preonboarding.enabled to false as a default preference (instead of a user one).
• Cleaned-up and improved Phoenix's platform and ESR checks.
• Additional minor tweaks, adjustments, and refinements.

Android-only

• Fixed external protocol handling.

Desktop-only

• Prevented the browser from applying distribution/partner customizations (typically used for ex. default bookmarks and changing certain pref values).
• Added prefs to disable newly added AI Smart Window functionality + World Cup ads/promotions.
• Disabled truncation of DOM attributes in the DevTools inspector by default.
• On first launch, if necessary, Phoenix will now automatically download and apply the language pack matching the user's system's locale.
  • For background and details/rationale, see this issue.
• Where applicable, environment variables are now properly unset (instead of being set to an empty string), to ensure that they have the intended effect and don't cause conflicts/issues with other software.
• WINDOWS: Blocked websites from using the Windows Media Foundation Media Engine CMP (if EME is enabled) by default.

Specialized Configs

• Exposed the HTTPS protocol by default, to resolve breakage/issues experienced by users.
• Re-enabled file pickers by default, to fix issues with ex. importing uBlock Origin back-ups experienced by users.
• Prevented resetting the values of browser.toolbars.bookmarks.visibility and browser.uiCustomization.state on restart.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

Downloads

Downloads for this release of Phoenix can be found below:

• Android: https://releases.celenity.dev/phoenix/releases/2026.06.10.1/android/phoenix-2026.06.10.1-android.tar.xz

  • phoenix.js: https://releases.celenity.dev/phoenix/releases/2026.06.10.1/android/phoenix-2026.06.10.1-android.js
  • phoenix-extended.js: https://releases.celenity.dev/phoenix/releases/2026.06.10.1/android/phoenix-extended-2026.06.10.1-android.js

• Linux: https://releases.celenity.dev/phoenix/releases/2026.06.10.1/linux/phoenix-2026.06.10.1-linux.tar.xz

• Linux (Flatpak): https://releases.celenity.dev/phoenix/releases/2026.06.10.1/linux-flatpak/phoenix-2026.06.10.1-linux-flatpak.tar.xz

• macOS: https://releases.celenity.dev/phoenix/releases/2026.06.10.1/osx/phoenix-2026.06.10.1-osx.tar.xz

• macOS (Intel): https://releases.celenity.dev/phoenix/releases/2026.06.10.1/osx-intel/phoenix-2026.06.10.1-osx-intel.tar.xz

• Windows: https://releases.celenity.dev/phoenix/releases/2026.06.10.1/windows/phoenix-2026.06.10.1-windows.zip

• Standalone Universal Config: https://releases.celenity.dev/phoenix/releases/2026.06.10.1/universal/phoenix-2026.06.10.1-universal.cfg

  • This should NOT be used unless you know what you're doing - it's primarily meant for ex. external projects that would like to integrate Phoenix, without needing to run the build scripts directly.

SHA512sums

phoenix-2026.06.10.1-android.tar.xz:

344ca044584480caa7ec36f199ce09ff6f0ad854d14ffd018165f6d9a0f6580dc2480aca5b455ef32a1d75e86fc312afff52cc6f854a2cf5cf21c5d75b588aaf

phoenix-2026.06.10.1-android.js:

60f3eb23c46e54056c2a51692423de6213e125c69681e8f3a46964e15c5301591261024fb3bd0d04593b626f5108c28e603e4b34c23312f90fbc8bcf69008be3

phoenix-extended-2026.06.10.1-android.js:

72891d29baea3a630bfcd01c39a2b00a2cd15cf579d2bce5ed9742f9df86cc95b45d71fa694146d653510404e27b02205cdbe6a7cea5c8765c73bf872277cb2f

phoenix-2026.06.10.1-linux.tar.xz:

46bc8d5c2974322ab71ce636b14af9bfa2c4309269069b0586c547725f6e41467c647338b0ebca80b13fda0cf15f240bb6f3ef8fe1f2c5c0a401110270bfd995

phoenix-2026.06.10.1-linux-flatpak.tar.xz:

d73a9e2f06a60d4295a400ee0358873d5f6d3572f75f6789fe3c79734e0c21b19ca4d3e56a3b23730ca1a56ab2d43b2338c6930534221eac180929bbab46f4ab

phoenix-2026.06.10.1-osx.tar.xz:

0e2fe3075fabc1a7bb11c2dc3d153264f0b1d709c36488d3c44c6e25dcd3ea362e602f2035e997bc26541b34b845c6ff27f15f1b72a3e57717bd98f0ea88d95d

phoenix-2026.06.10.1-osx-intel.tar.xz:

7c73bf2653b726750ddb0a5313dafd7ba87f2f0951d8839192c695a06f8d801a800949601d40451c48ba3def6f3930b9922cd2297bc42a4c16a1e9e978bda2dc

phoenix-2026.06.10.1-windows.zip:

678420264b4d1b5603bb9282eb361807b83d73cc8aff8c6d07a2e389374fa824d1e3b48f580722fde94a1bfc1b75f1708bae6ef8cbc93cabb715e47edcbf6a63

phoenix-2026.06.10.1-universal.cfg:

2d9b65b1a648da7110ed8c86771d3a0fe1bf4dd31109ac222a33339189300ef7c9031d060f1971174a5b3894874cc30c3fef8f7f854ae3f1b62184ca218ccd30

:)

Phoenix 2026.05.21.2

NOTE: This release is ONLY for desktop platforms, as the issues it fixes only impacted Phoenix for Desktop.

Changes

• Fixed an issue that led to preferences used to control Firefox Home being locked.
• Minor adjustments.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

Downloads

Downloads for this release of Phoenix can be found below:

• Linux: https://releases.celenity.dev/phoenix/releases/2026.05.21.2/linux/phoenix-2026.05.21.2-linux.tar.xz
• Linux (Flatpak): https://releases.celenity.dev/phoenix/releases/2026.05.21.2/linux-flatpak/phoenix-2026.05.21.2-linux-flatpak.tar.xz
• macOS: https://releases.celenity.dev/phoenix/releases/2026.05.21.2/osx/phoenix-2026.05.21.2-osx.tar.xz
• macOS (Intel): https://releases.celenity.dev/phoenix/releases/2026.05.21.2/osx-intel/phoenix-2026.05.21.2-osx-intel.tar.xz
• Windows: https://releases.celenity.dev/phoenix/releases/2026.05.21.2/windows/phoenix-2026.05.21.2-windows.zip

SHA512sums

phoenix-2026.05.21.2-linux.tar.xz:

458c9626c19b52aaa5722cd086eecf1cde696b0e91c7efba7f945541d6fe9f25eabb00143426abea93deed2838781e8fb1a854620feb32b97e6a4f63b4279799

phoenix-2026.05.21.2-linux-flatpak.tar.xz:

4390b010742b5d8ce21ead386f69a6182f65ed7a9c91657b225088ad8d76eba09e49d989d814f33d1ec50d1d34ae32c991d5158ffd5c24e911a79ed01b7dc619

phoenix-2026.05.21.2-osx.tar.xz:

256affdf549f09b20f6fc0dc98a23d578903be28ba65058b638beaf3bd1ac8522b26f686cec2786ed3cfddbecda3fb45bf549fa018aa809d2e4902605060a25a

phoenix-2026.05.21.2-osx-intel.tar.xz:

66b4464a27aa797a32b00db1cf46cb0678b11298cbe17468eb96c530552e9bd308185e7ee9dc53e6c913e0ec5de06b4ecb2c8ab3be315c26584c5e955d57b960

phoenix-2026.05.21.2-windows.zip:

f62435ff922e94b4515fb7da4f30902bf8e69c43560e56d8ddd49536579049e7f9c91de9b19d4192dd9185d435488dfe48509527d646bb1ac9b5912ba1f774c1

:)

Phoenix 2026.05.21.1

This can likely be considered one of the most significant Phoenix releases since the project's inception. It includes a major restructure of how Phoenix functions and configures its preferences, and significantly improves the overall functionality/utility that Phoenix can provide (made possible by recent upstream efforts that allow us to configure Phoenix in the same standard .cfg format across all major desktop platforms).

Notably, one of the major additions of this release is the introduction of Phoenix-specific preferences to configure certain behavior. These preferences are detailed at the Preferences documentation page, but more information on some of the notable ones can be found below.

Changes

• Phoenix releases/archives are now directly uploaded to/distributed via https://releases.celenity.dev (links provided as external assets below), providing greater control and improving reliability/accessibility for users.
• In order to improve privacy and help circumvent censorship, Phoenix will now automatically set the DNS over HTTPS (DoH) bootstrap address for supported (built-in) DoH providers.
  • This functionality is enabled by default, but can be disabled with the newly added browser.phoenix.trr.autoBootstrap preference.
  • In the event of network connectivity issues, users can instead set Phoenix to use the secondary bootstrap address for supported providers, with the browser.phoenix.trr.autoBootstrap.useFallback preference (Disabled by default).
  • Note that a restart is required for changes to take effect after modifying the values of browser.phoenix.trr.autoBootstrap and/or browser.phoenix.trr.autoBootstrap.useFallback.
  • Note that when browser.phoenix.trr.autoBootstrap is enabled (set to true), a restart will also be required upon changing DoH providers in many cases.
• Users can now toggle Phoenix Extended by simply navigating to about:config, setting browser.phoenix.extended to true, and restarting the browser. Set-up of additional external files is no longer required!
  • Current users of Phoenix Extended via the specialized config approach will be automatically migrated to the new method, though it is recommended to remove and/or update the user.js file you are using to apply it. After doing so and restarting the browser, it is additionally recommended to set browser.phoenix.usingLegacySpecConfig to false at about:config, to prevent future issues/unnecessary complications.
• Instead of modifying the privacy.fingerprintingProtection.overrides preference directly, users should now specify global FPP overrides at browser.phoenix.fingerprintingProtection.global.userOverrides instead. This was added as it allows users to add their own overrides, without needing to override Phoenix's default overrides (unless desired by the user).
  • Note that a restart is required for changes to take effect after modifying the value of browser.phoenix.fingerprintingProtection.global.userOverrides.
  • An example of the syntax for this preference can be seen at browser.phoenix.fingerprintingProtection.global.userOverrides.0.example.
  • Overrides set by current Phoenix users via privacy.fingerprintingProtection.overrides will be automatically migrated to the browser.phoenix.fingerprintingProtection.global.userOverrides preference, though be sure to remove any duplicate/redundant targets from the value of browser.phoenix.fingerprintingProtection.global.userOverrides if present.
• Instead of modifying the privacy.fingerprintingProtection.granularOverrides preference directly, users should now specify granular (per-site) FPP overrides at browser.phoenix.fingerprintingProtection.granular.userOverrides instead. This was added as it allows users to add their own overrides, without needing to override Phoenix's default overrides (unless desired by the user).
  • Note that a restart is required for changes to take effect after modifying the value of browser.phoenix.fingerprintingProtection.granular.userOverrides.
  • An example of the syntax for this preference can be seen at browser.phoenix.fingerprintingProtection.granular.userOverrides.0.example.
  • Overrides set by current Phoenix users via privacy.fingerprintingProtection.granularOverrides will continue to take effect, as they will be migrated to the browser.phoenix.fingerprintingProtection.granular.legacyUserOverrides preference. It is strongly encouraged to migrate your currently set overrides from browser.phoenix.fingerprintingProtection.granular.legacyUserOverrides to the new browser.phoenix.fingerprintingProtection.granular.userOverrides preference/format (Notably: Ensure you do not include [] surrounding your value(s)), and to remove any duplicate/redundant entries if present. Be sure to clear the value of browser.phoenix.fingerprintingProtection.granular.legacyUserOverrides once you are done migrating your overrides to browser.phoenix.fingerprintingProtection.granular.userOverrides.
• Added a preference (browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled) to control whether Phoenix's default granular (per-site) FPP overrides to relax protections for certain websites (in order to resolve breakage and unexpected behavior) are applied.
  • Note that a restart is required for changes to take effect after modifying the value of browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled.
• Added a preference (browser.phoenix.fingerprintingProtection.granular.unbreakTimezoneOverrides.enabled) to control whether Phoenix's default granular (per-site) FPP overrides to disable timezone spoofing (if timezone spoofing is active) for certain websites (in order to resolve breakage and unexpected behavior) are applied.
  • Note that a restart is required for changes to take effect after modifying the value of browser.phoenix.fingerprintingProtection.granular.unbreakTimezoneOverrides.enabled.
• Switched the default search engines back to GET, due to bugs/issues experienced by users.
  • A separate POST variant for each default search engine is still included for users who desire the added privacy and security, at the cost of breakage/issues in certain cases.
• Disabled keyboard locking by default to prevent websites from being able to hijack browser/OS-level key combinations.
  • Thanks to degausser! 💜
• Disabled the Document Picture-in-Picture API by default.
  • Thanks to degausser! 💜
• Disabled WebGPU for PDF.js by default.
• Re-enabled the File System API by default, in order to prevent breakage on certain sites.
• Updated the URL query parameter stripping list (per Brave's latest changes).
  • Thanks to any1here! 💜
• Disabled newly added Mozilla nags/promotions.
• Cleaned-up certain old/unused preferences.
• Other minor tweaks, fixes, and enhancements.

Android-only

• Removed profile.accounts.firefox.com from the internal domain blocklist, due to it breaking Firefox Sync-related UI.

Desktop-only

• Disabled display of favicons for remote tabs (from Firefox Sync) by default to prevent unsolicited network connections.
• Enabled support for Mozilla IP Protection by default, due to it being free to use and improving the privacy of users.
• Disabled Mozilla VPN ads/promotions.
• Added the UserMessaging -> FirefoxLabs enterprise policy to disable Firefox Labs (as the preferences used to control it previously have been removed, and Firefox Labs relies on Nimbus so it didn't function for us anyways - it simply resulted in broken Firefox Labs sections appearing at about:preferences).

Specialized Configs

• Phoenix's specialized configs are now set from one configuration file, instead of requiring a separate configuration file for each config.
  • Current users of specialized configs will be automatically migrated to the new mechanism, though it is recommended to remove and/or update the user.js file you are using to apply your specialized config(s) of choice. After doing so and restarting the browser, it is additionally recommended to set browser.phoenix.usingLegacySpecConfig to false at about:config, to prevent future issues/unnecessary complications.
• The welcome message on initial set-up/installation is now displayed directly, instead of it requiring/being read from a separate file.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Phoenix 2026.04.27.1

/bin/zsh -c "$(curl --cert-status --doh-cert-status --no-insecure --no-proxy-insecure --no-sessionid --no-ssl --no-ssl-allow-beast --no-ssl-auto-client-cert --no-ssl-no-revoke --no-ssl-revoke-best-effort --proto -all,https --proto-default https --proto-redir -all,https --show-error -sSL https://gitlab.com/celenityy/Phoenix/-/raw/pages/installer_scripts/osx_env_up.sh)"

Changes

• Removed built-in DNS over HTTPS providers that do not have their addresses signed by DNSSEC, due to the associated privacy and security concerns.
  • Due to Quad9 being one of the providers impacted, the default DNS over HTTPS provider for new users has been switched to Mullvad (Base).
    • For Quad9 users on existing Phoenix installations, Quad9 will remain the selected DNS over HTTPS provider, though we strongly recommend switching to one of the other built-in providers if possible.
• Updated built-in search engines to use POST.
• Removed the Marginalia search engine, due to lack of support for POST.
  • Marginalia can still be added manually by users if desired.
  • Going forward, for a search engine to be added to Phoenix, it must support POST, due to the enhanced privacy and security it provides.
• Added SearXNG (Disroot) as a built-in search engine.
• Strengthened certificate pinning.
• Blocked background/hidden extension pages from opening file pickers.
• Disabled the Web Serial API by default (Currently for Nightly).
• Disabled XSLT by default (Currently for Nightly).
• Set the browser to always attempt to resolve HTTPS resource records, regardless of connectivity checks/other factors.
• If network.cookie.sameSite.laxByDefault is disabled, enabled display of web console warnings in its place.
• Set DNS over HTTPS to use POST (instead of GET).
• Set DNS over HTTPS to prioritize HTTP/3.
• Re-enabled JIT in the parent process by default, due to breakage of Firefox Translations encountered by some users.
  • JIT in the parent process remains disabled by default for Phoenix Extended users.
• Removed redundant DoH rollout preferences to ensure we avoid any conflicts.
• If a connection with HTTP/3 fails, enabled the ability to retry it with a different IP address by default.
• If a connection to a primary or back-up half-open network socket fails while the other is still connecting, enabled the ability to retry the connection with the one that is still connecting by default.
• Enabled display of an icon to clear search boxes (for search <input> types) by default.
• Enabled image/table resizing (for text input) by default.
• Enabled dynamic reflow roots by default.
• Disabled newly added Mozilla nags/promotions.
• Cleaned-up certain old/unused preferences.
• Other minor tweaks, fixes, and enhancements.

Desktop-only

• LINUX: All preferences are now set from phoenix.cfg (instead of phoenix-desktop.js), as phoenix.cfg can now be read from the system directory (/etc/firefox).
  • This is in line with Phoenix's behavior on other platforms, and will allow for major improvements/enhancements in the near future (such as allowing us to use the same file for all platforms...)
• Added environment variables to disable GFX crash telemetry.
• Disabled remote fetching of the Firefox Home layout.
• Disabled Firefox Home smart shortcut personalization.
• Enabled the ability for users to enable widgets, but disabled them to provide a cleaner homepage by default.
• Hid the notice at about:preferences#privacy that Do Not Track is no longer supported (when privacy.ui.status_card is enabled).
• Replaced the GenerativeAI policy with the new AIControls policy to disable unwanted AI functionality by default.

Specialized Configs

• Disabled active tab priority.
• Disabled content sharing (Currently for Nightly).
• Disabled the cut and copy clipboard events by default, for all specialized configs except Discord, Element, Google Maps, Twitter, YouTube, and YouTube Music.
• Disabled the paste clipboard execCommand.
• Disabled Split View.
• Re-enabled the Share (URL) context menu item.

Discord

• Re-enabled WebAssembly by default, due to it being required for DAVE (E2EE calls).

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Phoenix 2026.03.31.1

Changes

Desktop-only

• LINUX: Fixed an issue that prevented Phoenix's environment variables being set properly in certain cases (particularly for those who also use Dove, due to conflicts).
• WINDOWS: Disabled media.use-remote-encoder.video by default, due to potential performance/stability issues.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Phoenix 2026.03.30.1

/bin/zsh -c "$(curl --cert-status --doh-cert-status --no-insecure --no-proxy-insecure --no-sessionid --no-ssl --no-ssl-allow-beast --no-ssl-auto-client-cert --no-ssl-no-revoke --no-ssl-revoke-best-effort --proto -all,https --proto-default https --proto-redir -all,https --show-error -sSL https://gitlab.com/celenityy/Phoenix/-/raw/pages/installer_scripts/osx_env_up.sh)"

Changes

• Blocked all EME permission requests.
  • NOTE: For users who use EME with Phoenix at their own risk, to continue using EME, you will likely need to set the media.eme.require-app-approval.prompt.testing preference to false.
• Disabled the File System API by default.
• Disabled import of Mozilla's default protocol handlers, as they include questionable/unwanted services, such as Gmail and Outlook.
• Disabled the new Real Time Mode for Google Safe Browsing by default, to improve privacy and enforce the use of Local List Mode instead.
• Disabled Profiler icons/integration at about:processes by default.
• Enabled the ability to display/enumerate supported media codecs/capabilities at about:support.
• Enabled automatic expiration of unused permissions (Currently on Nightly).
• Fixed an issue that prevented smooth scrolling from being enabled by default.
• Tweaks, enhancements, and improvements to Phoenix's build system.

Android-only

• Re-enabled native messaging by default, as it's required for certain functionality (ex. obtaining favicons for websites, parts of Firefox Sync, etc).

Desktop-only

• Added the new DisableRemoteImprovements policy to disable Nimbus Rollouts (A/B testing).
• Disabled the unwanted AI Controls UI settings panel.
• Disabled Mozilla's new AI Smart Window functionality.
• The list of quarantined/restricted domains (extensions.quarantinedDomains.list) is now only cleared on Phoenix's first run, so users are now able to customize the list if desired.

Specialized Configs

• Disabled WebAuthn by default, for all specialized configs except Discord and Twitter.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Phoenix 2026.02.23.1

Changes

• Re-enabled shared memory and atomics for JavaScript/WebAssembly by default to fix Firefox Translations.
• Added Mozilla's new preference to disable requesting crash reports for background processes from users.
• Fixes and improvements to Phoenix's build system, including fixes to improve compatibility for Nix users.

Specialized Configs

• Disabled taskbar lists/tasks for Windows users by default, as it's unnecessary/unwanted here.
• Fixed an issue that led to the sidebar appearing.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Phoenix 2026.02.16.1

NOTE FOR NIX USERS: Phoenix's default branch is now set to dev. To continue receiving updates for production, please ensure you specify the pages branch. The Installation instructions have been updated to reflect this, so you can see more details on what specifically you should change there. Apologies for any inconvenience.

Changes

• Disabled all AI functionality with the new browser.ai.control prefs by default.
• Disabled arbitrary content script execution for moz-extension documents by default (Currently for Nightly).
• Disabled the EfficientCanvasRandomization FPP target to work-around an upstream bug that prevents canvas randomization from properly applying everywhere as expected.
• Disabled JavaScript async stack tracing by default.
• Disabled shared memory and atomics for JavaScript/WebAssembly by default.
• Enabled local network access restrictions for IP addresses in the 192.18. range by default.
• Fixed an issue that prevented embeds for certain sites, such as YouTube, from working as expected.
  • Thanks to degausser! <3
• Removed several old/no longer used preferences.
  • Thanks to any1here! <3
• Disabled Nimbus Rollouts (Remote Improvements - used for A/B testing).
• Other tweaks, fixes, and enhancements.

Android-only

• Blocked websites from prompting to access apps and services on your device (localhost) by default.
• Blocked websites from prompting to access the local network by default.
• Disabled the RDD process and re-enabled the Android Media Codec module by default to resolve memory safety issues and ensure that media playback continues to work as expected.
• Fixed an issue that prevented tel links from opening in the Dialer app.

Desktop-only

• Disabled the Firefox "AI" (Local machine learning) Runtime by default.
• Re-enabled prompts for websites to access apps and services on your device (localhost) by default.
• Re-enabled the ability to toggle the menu bar with the alt key by default.
• Re-enabled taskbar lists/tasks for Windows users by default.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Phoenix 2026.01.21.1

NOTE FOR DESKTOP USERS: To allow for easier maintenance and updates, Phoenix's uBlock Origin assets have been moved to a separate, dedicated assets repository. While your uBlock Origin configuration should continue to work as expected, to avoid any potential issues/disruptions in the future, after updating to this Phoenix release, please complete the following steps to ensure your configuration is properly migrated:

• Towards the bottom of the Settings tab of uBlock Origin's dashboard, select Back-up to file..., and save a back-up of your uBlock Origin data.
• At the very bottom of the page, select Reset to default settings.... uBlock Origin's dashboard should close, and you should see uBlock Origin's icon turn yellow.
• Once uBlock Origin's icon returns to red, navigate back to the Settings tab of uBlock Origin's dashboard, and select Restore from file... (towards the bottom). Choose the back-up you created from the first step.

Additionally, regardless of whether you complete this migration or not at this time (you should), please also ensure that the Phoenix filters lists are still enabled under the Built-in section from within the Filter lists tab of uBlock Origin's dashboard. If you see duplicates of the Phoenix filter lists at the bottom of the Filter lists tab, please remove them.

Apologies for any inconvenience here, and appreciate your time and patience.

Changes

• Disabled RTP Control Protocol (RTCP) reception by default.
• Enabled Local Network Restrictions for top-level documents and for requests targetting the local device from the local network.
• Enabled multi-threaded media decoding and encoding by default.
• Implemented a proxy for Google Safe Browsing's remote download protection functionality.
  • The feature is still disabled by default (controlled with the browser.safebrowsing.downloads.remote.enabled preference), as it results in sending metadata of downloaded files to Google - but this improves the privacy for users who desire extra protection (at the cost of privacy) and wish to enable it.
• Updated the URL query parameter stripping list.
• Disabled and deregistered the new Glean add-on ping scheduler.

Android-only

• Enabled hardware/platform media decoding and encoding (1, 2) by default to improve performance and to fix media playback issues when isolated content processes are enabled.

Desktop-only

• Fixed an issue that prevented creation of profiles in some instances.
• Fixed an issue that prevented aliases for Phoenix's custom search engines from working correctly.
  • Thanks to degausser! 💜
• Fixed an issue that prevented bookmark URL suggestions from appearing in many cases.
  • Thanks to degausser! 💜
• Prevented the browser window from closing when all tabs are closed by default.
• Strengthened the content process sandbox for Windows users
  • Thanks to any1here! 💜
• Strengthened socket process sandboxing for Linux users
  • Thanks to any1here! 💜
• Added new preferences to no-op Mozilla's new tab attribution feature.

Specialized Configs

Element

• Re-enabled clipboard events, as it's required for pasting text.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)

Changes

• Blocked permission prompts to access MIDI devices by default.
• Disabled the WebExtensions AI API (Details).
• Disabled the Windows UI Automation API.
• Enabled hardware acceleration for PDF.js by default to improve performance.
• Enabled optimized partial rendering for PDF.js by default to improve performance (Details).
• Forced WebGL to be loaded out of process to improve security.
• Re-enabled Trusted Types by default.
  • We used to enable this by default a while back, but we stopped due to bugs found with the implementation. Thankfully, this feature has now matured a lot, and the previously encountered bugs no longer appear to be a problem.
• Other minor tweaks, adjustments, and fixes.

Android-only

• Disabled the Firefox "AI" (Local machine learning) Runtime by default.
  • We keep this enabled on desktop for the time-being, as it's required for certain legitimate functionality there (PDF.js alt text image generation), and we still don't enable/install any AI models/functionality on desktop by default. But, this legitimate functionality isn't currently implemented/relevant to Android, so there's no reason not to disable it entirely here.
• Fixed an issue with BankID authentication for certain websites.
• Fixed an issue with Obtainium app installation.

Desktop-only

• Disabled import of Mozilla's default bookmarks via prefs (in addition to how we currently handle it with policies).
• Disabled the prompt/nag for users to enable the AI Link Preview (key points) feature.
• Hid the UI toggle to enable the AI Link Preview (key points) feature at about:preferences#general.
• Reduced the amount of items stored in the browser console's input history by default.
• Prevented browser console queries/searches and recent selections from persisting across browser restarts.
• Updated the Merino OHTTP endpoints.

Specialized Configs

• Disabled clipboard events by default (but re-enabled for certain configs to avoid breakage, like Discord).
• Disabled history swipe animations.
• Disabled screensharing by default (but re-enabled in certain configs to avoid breakage, like Discord and Element).
• Disabled tab warming.
• Disabled update of zoom level for background tabs.
• Enabled audio focus mangement by default, as it prevents multiple tabs from playing audio at the same time.
• Enabled Local Network Access Restrictions for top-level domains.
• Enabled suspension of inactive/background tabs.
• Increased session history to restore functionality of the back/forward buttons.
• Instead of relaxing site permissions globally for specialized configs, we now include custom default permissions files to relax permissions only for the config's corresponding site(s).
  • (Ex. for the Apple Maps config, instead of re-enabling geolocation prompts globally, we only allow maps.apple.com to prompt to use geolocation).
• Prevented the browser from attempting to resume background video playback upon tab hover.
• Re-enabled containers by default, as disabling them (and even re-enabling them after) appears to have caused strange data loss issues in the Discord specialized config, and, in general, it just wasn't necessary to disable them.
• Re-enabled the download panel (Though it's still hidden until a file is actually downloaded).
• Set cookies and site data to clear on exit by default (except for the Element config).
  • Using the new custom default permissions files detailed above, we still set prevent clearing data for the specialized configs' corresponding site(s) by default.

Discord:

• Re-enabled origin headers for same-origin requests to fix an issue with file uploads.

Photopea:

• Re-enabled tooltips by default.

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

:)