2026.03.31.1

Phoenix 2026.03.31.1

---

⚠️ IMPORTANT NOTE FOR MACOS USERS:

If you have NOT already, please ensure you complete the steps from the top of 2026.03.30.1's release notes to update your environment variables. No action is needed if you already completed those steps.

---

Changes

Desktop-only

• LINUX: Fixed an issue that prevented Phoenix's environment variables being set properly in certain cases (particularly for those who also use Dove, due to conflicts).
• WINDOWS: Disabled media.use-remote-encoder.video by default, due to potential performance/stability issues.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2026.03.30.1

Phoenix 2026.03.30.1

---

⚠️ IMPORTANT NOTE FOR MACOS USERS:

To ensure Phoenix continues to work properly, you must update Phoenix's environment variables. The recommended way to do this is via the environment update script, which can be ran with the following command in your terminal:

/bin/zsh -c "$(curl --cert-status --doh-cert-status --no-insecure --no-proxy-insecure --no-sessionid --no-ssl --no-ssl-allow-beast --no-ssl-auto-client-cert --no-ssl-no-revoke --no-ssl-revoke-best-effort --proto -all,https --proto-default https --proto-redir -all,https --show-error -sSL https://gitlab.com/celenityy/Phoenix/-/raw/pages/installer_scripts/osx_env_up.sh)"

Note that this ONLY impacts macOS users.

Apologies for any inconvenience, and thank you for your time, patience, and support.

---

Changes

• Blocked all EME permission requests.
  • NOTE: For users who use EME with Phoenix at their own risk, to continue using EME, you will likely need to set the media.eme.require-app-approval.prompt.testing preference to false.
• Disabled the File System API by default.
• Disabled import of Mozilla's default protocol handlers, as they include questionable/unwanted services, such as Gmail and Outlook.
• Disabled the new Real Time Mode for Google Safe Browsing by default, to improve privacy and enforce the use of Local List Mode instead.
• Disabled Profiler icons/integration at about:processes by default.
• Enabled the ability to display/enumerate supported media codecs/capabilities at about:support.
• Enabled automatic expiration of unused permissions (Currently on Nightly).
• Fixed an issue that prevented smooth scrolling from being enabled by default.
• Tweaks, enhancements, and improvements to Phoenix's build system.

Android-only

• Re-enabled native messaging by default, as it's required for certain functionality (ex. obtaining favicons for websites, parts of Firefox Sync, etc).

Desktop-only

• Added the new DisableRemoteImprovements policy to disable Nimbus Rollouts (A/B testing).
• Disabled the unwanted AI Controls UI settings panel.
• Disabled Mozilla's new AI Smart Window functionality.
• The list of quarantined/restricted domains (extensions.quarantinedDomains.list) is now only cleared on Phoenix's first run, so users are now able to customize the list if desired.

Specialized Configs

• Disabled WebAuthn by default, for all specialized configs except Discord and Twitter.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2026.02.23.1

Phoenix 2026.02.23.1

---

Changes

• Re-enabled shared memory and atomics for JavaScript/WebAssembly by default to fix Firefox Translations.
• Added Mozilla's new preference to disable requesting crash reports for background processes from users.
• Fixes and improvements to Phoenix's build system, including fixes to improve compatibility for Nix users.

Specialized Configs

• Disabled taskbar lists/tasks for Windows users by default, as it's unnecessary/unwanted here.
• Fixed an issue that led to the sidebar appearing.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2026.02.16.1

Phoenix 2026.02.16.1

---

NOTE FOR NIX USERS: Phoenix's default branch is now set to dev. To continue receiving updates for production, please ensure you specify the pages branch. The Installation instructions have been updated to reflect this, so you can see more details on what specifically you should change there. Apologies for any inconvenience.

---

Changes

• Disabled all AI functionality with the new browser.ai.control prefs by default.
• Disabled arbitrary content script execution for moz-extension documents by default (Currently for Nightly).
• Disabled the EfficientCanvasRandomization FPP target to work-around an upstream bug that prevents canvas randomization from properly applying everywhere as expected.
• Disabled JavaScript async stack tracing by default.
• Disabled shared memory and atomics for JavaScript/WebAssembly by default.
• Enabled local network access restrictions for IP addresses in the 192.18. range by default.
• Fixed an issue that prevented embeds for certain sites, such as YouTube, from working as expected.
  • Thanks to degausser! <3
• Removed several old/no longer used preferences.
  • Thanks to any1here! <3
• Disabled Nimbus Rollouts (Remote Improvements - used for A/B testing).
• Other tweaks, fixes, and enhancements.

Android-only

• Blocked websites from prompting to access apps and services on your device (localhost) by default.
• Blocked websites from prompting to access the local network by default.
• Disabled the RDD process and re-enabled the Android Media Codec module by default to resolve memory safety issues and ensure that media playback continues to work as expected.
• Fixed an issue that prevented tel links from opening in the Dialer app.

Desktop-only

• Disabled the Firefox "AI" (Local machine learning) Runtime by default.
• Re-enabled prompts for websites to access apps and services on your device (localhost) by default.
• Re-enabled the ability to toggle the menu bar with the alt key by default.
• Re-enabled taskbar lists/tasks for Windows users by default.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2026.01.21.1

Phoenix 2026.01.21.1

---

NOTE FOR DESKTOP USERS: To allow for easier maintenance and updates, Phoenix's uBlock Origin assets have been moved to a separate, dedicated assets repository. While your uBlock Origin configuration should continue to work as expected, to avoid any potential issues/disruptions in the future, after updating to this Phoenix release, please complete the following steps to ensure your configuration is properly migrated:

• Towards the bottom of the Settings tab of uBlock Origin's dashboard, select Back-up to file..., and save a back-up of your uBlock Origin data.
• At the very bottom of the page, select Reset to default settings.... uBlock Origin's dashboard should close, and you should see uBlock Origin's icon turn yellow.
• Once uBlock Origin's icon returns to red, navigate back to the Settings tab of uBlock Origin's dashboard, and select Restore from file... (towards the bottom). Choose the back-up you created from the first step.

Additionally, regardless of whether you complete this migration or not at this time (you should), please also ensure that the Phoenix filters lists are still enabled under the Built-in section from within the Filter lists tab of uBlock Origin's dashboard. If you see duplicates of the Phoenix filter lists at the bottom of the Filter lists tab, please remove them.

Apologies for any inconvenience here, and appreciate your time and patience.

---

Changes

• Disabled RTP Control Protocol (RTCP) reception by default.
• Enabled Local Network Restrictions for top-level documents and for requests targetting the local device from the local network.
• Enabled multi-threaded media decoding and encoding by default.
• Implemented a proxy for Google Safe Browsing's remote download protection functionality.
  • The feature is still disabled by default (controlled with the browser.safebrowsing.downloads.remote.enabled preference), as it results in sending metadata of downloaded files to Google - but this improves the privacy for users who desire extra protection (at the cost of privacy) and wish to enable it.
• Updated the URL query parameter stripping list.
• Disabled and deregistered the new Glean add-on ping scheduler.

Android-only

• Enabled hardware/platform media decoding and encoding (1, 2) by default to improve performance and to fix media playback issues when isolated content processes are enabled.

Desktop-only

• Fixed an issue that prevented creation of profiles in some instances.
• Fixed an issue that prevented aliases for Phoenix's custom search engines from working correctly.
  • Thanks to degausser! 💜
• Fixed an issue that prevented bookmark URL suggestions from appearing in many cases.
  • Thanks to degausser! 💜
• Prevented the browser window from closing when all tabs are closed by default.
• Strengthened the content process sandbox for Windows users
  • Thanks to any1here! 💜
• Strengthened socket process sandboxing for Linux users
  • Thanks to any1here! 💜
• Added new preferences to no-op Mozilla's new tab attribution feature.

Specialized Configs

Element

• Re-enabled clipboard events, as it's required for pasting text.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.12.23.1

---

Changes

• Blocked permission prompts to access MIDI devices by default.
• Disabled the WebExtensions AI API (Details).
• Disabled the Windows UI Automation API.
• Enabled hardware acceleration for PDF.js by default to improve performance.
• Enabled optimized partial rendering for PDF.js by default to improve performance (Details).
• Forced WebGL to be loaded out of process to improve security.
• Re-enabled Trusted Types by default.
  • We used to enable this by default a while back, but we stopped due to bugs found with the implementation. Thankfully, this feature has now matured a lot, and the previously encountered bugs no longer appear to be a problem.
• Other minor tweaks, adjustments, and fixes.

Android-only

• Disabled the Firefox "AI" (Local machine learning) Runtime by default.
  • We keep this enabled on desktop for the time-being, as it's required for certain legitimate functionality there (PDF.js alt text image generation), and we still don't enable/install any AI models/functionality on desktop by default. But, this legitimate functionality isn't currently implemented/relevant to Android, so there's no reason not to disable it entirely here.
• Fixed an issue with BankID authentication for certain websites.
• Fixed an issue with Obtainium app installation.

Desktop-only

• Disabled import of Mozilla's default bookmarks via prefs (in addition to how we currently handle it with policies).
• Disabled the prompt/nag for users to enable the AI Link Preview (key points) feature.
• Hid the UI toggle to enable the AI Link Preview (key points) feature at about:preferences#general.
• Reduced the amount of items stored in the browser console's input history by default.
• Prevented browser console queries/searches and recent selections from persisting across browser restarts.
• Updated the Merino OHTTP endpoints.

Specialized Configs

• Disabled clipboard events by default (but re-enabled for certain configs to avoid breakage, like Discord).
• Disabled history swipe animations.
• Disabled screensharing by default (but re-enabled in certain configs to avoid breakage, like Discord and Element).
• Disabled tab warming.
• Disabled update of zoom level for background tabs.
• Enabled audio focus mangement by default, as it prevents multiple tabs from playing audio at the same time.
• Enabled Local Network Access Restrictions for top-level domains.
• Enabled suspension of inactive/background tabs.
• Increased session history to restore functionality of the back/forward buttons.
• Instead of relaxing site permissions globally for specialized configs, we now include custom default permissions files to relax permissions only for the config's corresponding site(s).
  • (Ex. for the Apple Maps config, instead of re-enabling geolocation prompts globally, we only allow maps.apple.com to prompt to use geolocation).
• Prevented the browser from attempting to resume background video playback upon tab hover.
• Re-enabled containers by default, as disabling them (and even re-enabling them after) appears to have caused strange data loss issues in the Discord specialized config, and, in general, it just wasn't necessary to disable them.
• Re-enabled the download panel (Though it's still hidden until a file is actually downloaded).
• Set cookies and site data to clear on exit by default (except for the Element config).
  • Using the new custom default permissions files detailed above, we still set prevent clearing data for the specialized configs' corresponding site(s) by default.

Discord:

• Re-enabled origin headers for same-origin requests to fix an issue with file uploads.

Photopea:

• Re-enabled tooltips by default.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.11.27.1

---

Changes

• Blocked privileged about: pages from loading remote scripts.
• Disabled fetching Firefox Relay's denylist by default.
• Disabled Native Messaging by default (Details).
  • To re-enable it, at the cost of privacy and security, you can set the following prefs:
    • webextensions.native-messaging.max-input-message-bytes -> 1048576
    • webextensions.native-messaging.max-output-message-bytes -> 999999999
• Disabled semantic history by default.
• Hardened protocol handling.
• Set the browser's region to a dummy value (XX), instead of US. This is beneficial as it ensures that certain functionality (such as Firefox Suggest and Mozilla's DoH rollout) are disabled by default, allows us to disable features like Firefox Suggest by default without locking them, and in general, ensures we aren't impacted by unwanted geo targetting.
• Other minor tweaks and adjustments.

Desktop-only

• Disabled Firefox's new Unified Trust Panel by default, as it prevents setting per-site exceptions for the built-in cookie banner blocker.
• Disabled new tab attribution.
• Disabled Sports URL bar suggestions by default.
• For macOS and Windows: [Enabled the ability to warn users upon potentially misconfigured/problematic settings at about:preferences#privacy](https://codeberg.org/celenity/Phoenix/commit/d937b0010f092a88726cf4b1c7958b7a156ac262). (On Linux, this currently breaks about:preferences#privacy).
• For Windows: Disabled taskbar lists by default.
• Leveraged new profile-related preferences to disable the Firefox Messaging System.
• Removed the DisableProfileImport policy.
• Removed the DisplayBookmarksToolbar policy (We still always display the bookmarks toolbar by default though, just with the pref instead).
• Removed DNS0 from the list of default DNS over HTTPS providers, due to its unfortunate discontinuation.
• Removed the Mullvad Leta search engine, due to its unfortunate discontinuation.
• Updated preferences to disable IP Protection (Mozilla VPN) by default.

Specialized Configs

This release includes significant improvements for Phoenix's handling of specialized configs. Browser functionality and UI have been minimized, in order to make using them as close to using a native app as possible. This section will not be exhaustive, but will do it's best to cover the notable changes.

• Disabled add-on abuse reporting.
• Disabled the bookmark edit dialog.
• Disabled the bookmarks toolbar.
• Disabled camera permission prompts (except for the Discord and Element configs, where users may wish to allow them).
• Disable the Close duplicate tabs context menu item.
• Disabled the download panel.
• Disabled favicons.
• Disabled file picker dialogs (except for the Discord, Element, Photopea, and Twitter configs, where they are needed).
• Disabled Firefox Home. The config's corresponding app/service is now loaded immediately (except for on the first launch, to allow uBlock Origin to install).
• Disabled machine learning functionality.
• Disabled microphone permission prompts (except for the Discord, Element, and Twitter configs, where users may wish to allow them).
• Disabled origin headers.
• Disabled Password Manager/Autofill functionality.
• Disabled Picture-in-Picture (except for the Discord, Element, Twitter, and YouTube configs, where they are needed).
• Disabled printing.
• Disabled referers (except for the Twitter config, where they are needed).
• Disabled session restore functionality.
• Disabled the Share URL menu item.
• Disabled support for web applications manifests.
• Disabled tab detachment.
• Disabled tab switching with Ctrl + Tab.
• Disabled Taskbar Tabs (PWAs).
• Disabled text fragments.
• Disabled toolbar keyboard navigation.
• Disabled tooltips.
• Disabled the Unload Tab context menu item.
• Disabled unloading tabs on low memory.
• Disabled URL fix-up.
• Disabled user certificate/key databases.
• Disabled Web Compatibility interventions (except for the YouTube config, where they are needed).
• Disabled warnings on closing tabs and quitting the browser.
• Enabled vertical tabs. In combination with our other changes, this effectively hides the tab bar entirely.
• For Linux and Windows: Disabled the menu bar.
• Hid the UI to automatically delete files downloaded in Private Browsing.
• Introduced a new specialized config for YouTube Music.
• Prevented the browser from trying to open internally-handled attachments.
• Removed the link to download themes.
• Set links to always open in the current tab/browsing window.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.11.07.1

---

Changes

• Disabled Contast Control by default to protect against fingerprinting (See details).
• Enabled the display of More settings on print previews by default.
• Enabled GREASE by default (See details).
• Enabled Local Network Access Restrictions for WebSocket connections (See details).
• Enabled the Page Setup.. menu by default, useful for ex. printing (On desktop, located under File from the menu bar).
• Set the media autoplay blocking policy to transient by default (See details).
• Updated the list of default fingerprinting protection granular overrides.
• Updated the list of restricted domains for extensions.
• Other minor tweaks and adjustments.

Android-only

• Configured CRLite to use all clubcards, instead of just priority revocations, by default.

Desktop-only

• Disabled marketing/attribution/campaign actions on first run.
• Enabled fading of unloaded tabs (even if not explicitly unloaded) in the tab bar by default.
• Enabled Local Network Access Restrictions by default via Mozilla's newly added enterprise policies*(See details)*.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.10.26.1

---

Changes

• Disabled window state restoration by default.
• Enabled display of in-process subframes and thread information at about:processes by default.
• Enabled prompts for unsafe HTTP redirects.
• Enabled WebAssembly Memory Control (when WebAssembly is enabled) by default.
• Removed javascript.options.throw_on_asmjs_validation_failure to prevent breakage when ASM.js is disabled.
• Updated certain performance-related preferences *(Credit to Betterfox).
• Updated the list of default fingerprinting protection granular overrides.
• Updated the list of restricted domains for extensions.
• Other minor tweaks and adjustments.

Desktop-only

• Added a fake/scam/impersonation Tamper monkey extension to the add-on blocklist (See details).
• Added Marginalia as a default/built-in search engine.
• Added the Screenshot button to the toolbar by default (for new profiles).
• Disabled FlightAware (flight status) URL bar suggestions by default.
• Disabled the promotion card for dragging tabs when vertical tabs are enabled.
• Disabled TLS session identifiers, primarily to strengthen protection against detection of Private Browsing.
• Enabled the Anti tracking debug panel by default.
• Enabled important date URL bar suggestions by default (depends on Firefox Suggest).
• Updated preferences to disable Firefox Suggest online suggestions.
• Worked around an upstream bug to disable the Ask AI Chatbot context menu item by default.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)

2025.10.12.1

---

Changes

• Added secure-api.pnc.com to the list of restricted domains for extensions.
• Disabled additional Mozilla nags/promotions.
• Disabled shared memory allocation from the parent process to content processes by default.
• Enabled the Safe Browsing V5 API, and configured it to use the IronFox proxy (Currently works on Nightly) *(See details).
• Enforced validation for ASM.js (if ASM.js is enabled).
• Other minor tweaks, fixes, and adjustments.

Desktop-only

• Added BrowsingBloc to the add-on blocklist (See details).
• Configured Mozilla's new GenerativeAI policies to disable Generative AI functionality by default.

---

Codeberg: See here for more details.

GitLab: See here for more details.

GitHub: See here for more details.

---

:)