Security configuration of Instantbird
View options
Disable Instantbird's auto-updater and crash reporterOTR is enabled by default and other non-OTR communication is disabled entirely- CA verification: TOFU? Pinning?
Disable older TLS/SSL suitesEnsure that all plugins are disabled (Java, Flash)- Ensure that there is a whitelist of the most popular Instantbird extensions that we have to check to see if they could introduce leaks