_Originally created by Tails on [#6156 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/6156)_ Get these patches merged in Thunderbird upstream. Upstream tickets and merge requests: * <https://bugzilla.mozilla.org/show_bug.cgi?id=971347> (done) * <https://bugzilla.mozilla.org/show_bug.cgi?id=669238> (done) * <https://bugzilla.mozilla.org/show_bug.cgi?id=1561542> (needs work) ### Status of current patches in Tails As of 66bd9dc5227f228bc8221cdc43dddff8d1c787b7 our patches are as follows: * [x] `Add-pref-for-whether-to-accept-plaintext-protocols-d.patch`: we can **drop** this patch; when plaintext is selected by autoconfig, a scary warning is shown which is good enough → removing via #17808 * [ ] `Add-pref-for-whether-we-accept-OAuth2-during-autocon.patch`: this should be **reworked** into "enable javascript while doing OAuth2". * [x] `Fix-buggy-pref-for-disabling-MS-Exchange-autoconfig-.patch`: this is a **brand new patch** we should **upstream**; the reason for this patch is that work that happened upstream broke our previous contribution. * [x] `Make-use-of-non-SSL-Exchange-AutoDiscover-methods-op.patch`: we can **drop** this patch; upstream wasn't interested, but we already managed to upstream a pref to completely disable Exchange AutoDiscover, so we are happy just doing that → removing via #17808 * [x] `Prefer-fetched-configurations-using-SSL-over-plainte.patch`: - Upstream is outright hostile towards this change so there is no point trying to upstream it unless there is a change of maintainer. - We **keep** this patch as long as there are other reasons for us to custom patch Thunderbird. But we can **drop** it next time it has to be refreshed and no one has the energy. - When plaintext is selected by autoconfig, a scary warning is shown which is good enough, so dropping it won't be a huge deal. - Past discussion with upstream: 1. https://bugzilla.mozilla.org/show_bug.cgi?id=971347#c152 2. https://bugzilla.mozilla.org/show_bug.cgi?id=971347#c169 3. https://bugzilla.mozilla.org/show_bug.cgi?id=971347#c213 These are already upstreamed: * `Avoid-local-timestamp-disclosure-in-Date-header.patch` * `Avoid-spellchecking-language-disclosure-in-Content-Language-header.patch` ### Attachments * [secure-account-creation.tar.gz](https://redmine.tails.boum.org/code/attachments/download/1966/secure-account-creation.tar.gz) ### Subtasks - [x] tails/tails#11450 - [x] tails/tails#15788 - [x] tails/tails#15790 - [x] tails/tails#16147 ### Related issues - **Related to** tails/tails#6150 - **Related to** tails/tails#7064 - **Related to** tails/tails#15387 - **Related to** tails/tails#16771 - **Related to** tails/tails#16856 - **Related to** tails/tails#17277 - **Blocked by** tails/tails#11536 - **Blocked by** tails/tails#12151