All Products Community Forum

Dear Mozilla Team,

I kindly ask you to add support for the X25519MLKEM768 hybrid post-quantum key exchange to the domain detectportal.firefox.com (the URL used by Firefox connection testing). This small change would significantly strengthen privacy protection for millions of users who rely on Firefox's connection test URL. As you know, this mechanism has already been successfully implemented on almost all of your other domains. Extending the same protection to detectportal.firefox.com would ensure consistency and close the remaining gap. Thank you very much for your ongoing work on privacy and post-quantum cryptography. I would greatly appreciate your attention to this request. Best regards, Anonymous

Dzień dobry, podczas tworzenia wiadomości i próbie zapisania jej na później, otrzymuję komunikat:

Ostrzeżenie Błąd podczas zapisywania szkicu - W Twojej bazie kluczy nie można odnaleźć identyfikatora klucza „0xD3ADE4868E262032”.

Nie potrafię tego naprawić. System iOS na Mac.

Proszę o wsparcie.

Pozdrawiam

Am receiving a message reading-

The certificate for imap.gmail.com does not come from a trusted source.

I received 2 notifications stating that 1) The certificate for imap.gmail.com does not come from a Trusted Source and 2) You are about to override how Thunderbird Identifies this site. Legitimate banks, stores and other public sites will not ask you to do this. This site attempts to identify itself with invalid information. The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure Signature. I have been with Thunderbird for around 20 years and have contributed to it twice, so please help me!

Cały czas walczę żeby otworzyć dokument od banku Smime.p7s. Pobrałem ceryifkat .P12 i zainstalowałem na telefonie ale nie wyświetla plików przez wasza pocztę załączników i nie mogę też znaleźć w ustawieniach żeby wgrać ten certyfikat do waszej poczty. Pomocy co zrobić?

I have problems every time I try to fetch my imap gmail, with Thunderbird complaining that: "The certificate for imap.gmail.com:993 does not come from a trusted source".

As near as I can tell, imap.gmail.com:993 is still the recommended setting for

Version is Thunderbird 148.0.1 (64-bit). Adding an exception for the missing certificate does not seem to make a bit of difference.

I do not know if the use of Bitdefender as my security and vpn software is a factor. I notice that the certificate (exception certificate?) shown when I click on View Certificate in my gmail account settings appears to mention Bitdefender, so perhaps that's a factor. That certificate looks as follows:

Certificate Subject Name Common Name imap.gmail.com Issuer Name Country US Organizational Unit IDS Organization Bitdefender Common Name Untrusted Bitdefender CA Validity Not Before Mon, 02 Feb 2026 08:37:57 GMT Not After Mon, 27 Apr 2026 08:37:56 GMT Subject Alt Names DNS Name imap.gmail.com Public Key Info Algorithm Elliptic Curve Key Size 256 Public Value 04:2D:20:DA:19:33:1D:AC:28:91:52:02:EB:B8:7E:33:C0:B7:E4:F3:5E:4E:88:92:E5:7E:BB:30:0C:6C:E4:84:A8:3D:D7:49:9B:22:C8:C0:BB:01:80:4B:84:30:3A:3B:73:70:8F:AB:EB:C0:F0:D5:7B:8B:0B:64:1B:DC:76:67:41 Miscellaneous Serial Number 1A:50:ED:15:50:A1:A7:93:5D:05:8A:CD:85:A5:15:FD Signature Algorithm ECDSA with SHA-256 Version 3 Download PEM (cert)PEM (chain) Fingerprints SHA-256 12:8A:58:44:DF:B5:E1:E4:EF:CC:F7:35:09:BA:6E:88:86:16:15:78:F9:28:52:23:FC:0E:E9:69:D1:AF:21:86 SHA-1 A3:30:CB:65:39:51:46:9B:3B:BC:0B:B9:09:DD:26:40:A8:52:25:3D

certificate for imap <edited>@peternedsmith.co.uk is not valid, someone could be trying to impersonate the server and you should not continue, on clicking the more info, on the panel that comes up, if I click on get certificate, the selections below get greyed out and nothing happens, I have viewed the certificate, and it appears to be from the US, I have taken a screenshot of the top part of it, which is below. Regards Peter Smith

DEUTSCH (English see below(:

Hallo zudammen,

Konfiguration: - Window11 25H2 (aktuell) - Thunderbird Beta-6 (BuildID=20260213180051) - gpg2.5.17 (Gpg4Win 5.0.1); siehe auch: <https://www.gpg4win.de/>

Der bisherige und standarmärige Installationspfad von "Gpg4Win": "C:\Progam Diles (x86)\Gpg4Win\" wurde softwareseitig auf: "C:\Progam Diles\Gpg4Win\" geändert!

Bug 1967121 (Closed) => thunderbird148 --- fixed! <https://bugzilla.mozilla.org/show_bug.cgi?id=1967121>

Zur Zeit verfolge ich die Änderungen bezüglich der externen Schlüsselverwaltung in Thunderbird-Beta, da das Arbeiten mit externen Schlüsseln in der esr- und in der relesease-Version von Thunderbird seit der offiziellen Herausgabe von gpg2.5.x absolut nicht mehr möglich ist! Die geheimen Schlüssel für das Entschlüsseln und Signieren werden mit gpg2.5.x nicht mehr gefunden!

In der Schlüsselverwaltung von TB-Beta befinden sich meine öffentlichen Schlüssel und alle öffentlichen Schlüssel meiner Kommunikationspartner. Extern sind meine geheimen Schlüssel gelagert. Folgende Präferenz wurde aufgrund von gpg2.5.x hinzugefügt:

https://assets-prod.sumo.prod.webservices.mozgcp.net/media/uploads/images/2026-02-26-10-04-58-df59be.png

Allerdings erscheint nach all diesen Maßnahmen die Fehlermeldung: "The secret key that's required to decrypt this message is not availlable."

https://assets-prod.sumo.prod.webservices.mozgcp.net/media/uploads/images/2026-02-26-10-05-45-d8280e.png

Mit Herausgabe von Thunderbird/148.0 (release) sind dort die gleichen Probleme mit der externen Schlüsselverwaltung zu bepbachten!

Mit Versionen gpg < 2.5 funktioniert unter Windows alles problemlos!

UNTER LINUX haben hier Änderungen an der Präferenz: "mail.openpgp.load_untested_gpgme_version" nachweislich keinerlei Auswirkungen!

Was übersehe ich?

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ENGLISH:

Hello,

Configuration: - Window11 25H2 (current status) - Thunderbird Beta-6 (BuildID=20260213180051) - gpg2.5.17 (Gpg4Win 5.0.1); see also: <https://www.gpg4win.de/>

The previous and default installation path of "Gpg4Win": "C:\Program Files (x86)\Gpg4Win\" has been changed by the software to: "C:\Program Files\Gpg4Win\"!

Bug 1967121 (Closed) => thunderbird148 --- fixed! <https://bugzilla.mozilla.org/show_bug.cgi?id=1967121>

At the moment, I’m following the changes regarding external key management in Thunderbird Beta, because working with external keys in the ESR and release versions of Thunderbird has become absolutely impossible since the official release of gpg 2.5.x! The secret keys required for decryption and signing are no longer found when using gpg 2.5.x!

In Thunderbird Beta’s key manager, my public keys and all public keys of my communication partners are present. My secret keys are stored externally. The following preference was added because of gpg 2.5.x:

https://assets-prod.sumo.prod.webservices.mozgcp.net/media/uploads/images/2026-02-26-10-04-58-df59be.png

However, even after all these measures, the following error message appears: **"The secret key that's required to decrypt this message is not available."**

https://assets-prod.sumo.prod.webservices.mozgcp.net/media/uploads/images/2026-02-26-10-05-45-d8280e.png

With the release of Thunderbird 148.0 (release), the same problems with external key management can be observed there as well!

With gpg versions **older than 2.5**, everything works flawlessly under Windows!

• • UNDER LINUX**, changes to the preference

"mail.openpgp.load_untested_gpgme_version" have demonstrably no effect at all!

What am I missing?

When my message filter uses the "Reply with Template" action, the reply e-mail is always PGP encrypted, even when I do not have any public key for the recipient e-mail address. As a result, the reply e-mail is always corrupted.

I am using Thunderbird 140.7.1esr on Windows 10.

I have attached a screenshot of what the reply e-mail always looks like.

In the Template that I am using, the "encrypt" button is not selected, and in the OpenPGP menu of the Template, the "Encrypt" menu item does not have a checkmark next to it.

Does anyone know how I can get Thunderbird to send reply e-mails without using encryption?

Hi, With new version 1.143 all accounts are gone, need to re-create my existing mails accoutns (outlook, yahoo, gmail) but all fail on error message "www.mozilla.org uses an invalid security certificate" How to resolve ? Grtz, Jane

Hi. I'm using Thunderbird for my POP account and it has stopped sending messages. It just says, Sending of the message failed. Peer's certificate has expired. The configuration related to (my server name) must be corrected. What am I to do?

I keep getting a certificate error on my Thunderbird. The certificate refers to an email account i no longer have (Personal domain) and i have removed the account in thunderbird, and also removed previous certificate exceptions.

I have been through all menus and settings, and cannot find anywhere where it refers to that domain (and subdomain) I have also removed one entry with that FQDN in the outgoing server section.

What to do?

On Monday, 17 November 2025 the Security Certificate expired and I stopped receiving emails both on my computer and Andriod Device. As a result I am not receiving any emails through Thunderbird, but I can go to email host site to view them.

I logged in my computer tonight and clicked here and clicked there and the error message: "The certificate for mail.homebizmall.net is not valid for that server. Someone could be trying to impersonate the server. Create an exception but this could mean that someone has stolen your certificate and may be able to impersonate you."

So it seems the POP server and the SMTP server certificates were only valid for 3 months and I was FORCED to create the exception for both servers. Now I am worried the security has been breached.

By clicking here and clicking there, I stumbled on a few people who seem to have this problem, but each with their own limitations. My operating System is Windows 10 without the option to upgrade. I have not extended the security updates because I don't understand if it is just the operating system uploading to the cloud or everything on my computer and I am not prepared to do the latter.

Is it safe to leave the band aid on that I have used for the moment? Can I create an exception for the phone? Or is there a glitch that someone needs to walk me through fixing?

Thanking you in advance

Clinton

I am getting an error for an outdated certificate on my mail smtp server and when I try to add a security exception Thunderbird does absolutely nothing when i click the button to add a security exception where I can send mail. I end up having to cancel the window and discard my email. It will also not go view the certificate and if you ask it to check it just hangs up forever in and endless loop of checking.

My broadband router set ip address is not secure as it's HTTP What is the solution to able me to access my home router via Wifi in the same location of course which is at home?