diff --git a/flake.lock b/flake.lock index 9273be8..4e4013b 100644 --- a/flake.lock +++ b/flake.lock @@ -101,6 +101,24 @@ "type": "github" } }, + "firefox": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1731773001, + "narHash": "sha256-/3tpXzkJqSmJObEilZxeL4Mo1GsyNP0q15kIvw6+GEo=", + "ref": "refs/heads/main", + "rev": "bb30e67d1f3e5947d46c86dda2a567d16e9d3f52", + "revCount": 3, + "type": "git", + "url": "https://woof.rip/mikael/firefox.git" + }, + "original": { + "type": "git", + "url": "https://woof.rip/mikael/firefox.git" + } + }, "flake-compat": { "flake": false, "locked": { @@ -329,7 +347,7 @@ }, "linux-hardened": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1731676971, @@ -576,6 +594,22 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1731531548, + "narHash": "sha256-sz8/v17enkYmfpgeeuyzniGJU0QQBfmAjlemAUYhfy8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "24f0d4acd634792badd6470134c387a3b039dace", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { "lastModified": 1731667778, @@ -674,6 +708,7 @@ "catppuccin": "catppuccin", "catppuccin-palette": "catppuccin-palette", "colmena": "colmena", + "firefox": "firefox", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "linux-hardened": "linux-hardened", @@ -682,7 +717,7 @@ "niri": "niri", "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nur": "nur", "ripgrep-all": "ripgrep-all", "rust-overlay": "rust-overlay" diff --git a/flake.nix b/flake.nix index 61818e3..af34ac0 100644 --- a/flake.nix +++ b/flake.nix 
@@ -40,6 +40,7 @@ }; linux-hardened.url = "git+https://woof.rip/mikael/linux-hardened.git"; + firefox.url = "git+https://woof.rip/mikael/firefox.git"; nix-index-database = { url = "github:illdefined/nix-index-database"; diff --git a/home/config/nil/firefox.nix b/home/config/nil/firefox.nix index ac4da4a..b01af66 100644 --- a/home/config/nil/firefox.nix +++ b/home/config/nil/firefox.nix @@ -1,4 +1,4 @@ -{ ... }: { config, lib, pkgs, ... }@args: +{ firefox, ... }: { config, lib, pkgs, ... }@args: let osConfig = args.osConfig or { }; @@ -12,7 +12,7 @@ let in lib.mkIf (osConfig.hardware.graphics.enable or false) { programs.firefox = { enable = true; - package = pkgs.firefox; + package = firefox.packages.${pkgs.system}.firefox; profiles = let extensions = with config.nur.repos.rycee.firefox-addons; [ clearurls @@ -30,16 +30,6 @@ in lib.mkIf (osConfig.hardware.graphics.enable or false) { "intl.accept_languages" = "en-gb,en,de,fr,es-es,es,pt,ja"; "intl.locale.requested" = "en-GB,en,de,fr,es-ES,es,pt,ja"; - # use OS resolver - "network.trr.mode" = 5; - - # force HTTPS - "dom.security.https_only_mode" = true; - "dom.security.https_only_mode_ever_enabled" = true; - - # enable EME - "media.eme.enabled" = true; - # founts "font.default.x-unicode" = "sans-serif"; "font.default.x-western" = "sans-serif"; 
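Review bot: The added `firefox.url = "git+https://woof.rip/mikael/firefox.git";` input has no `inputs.nixpkgs.follows`, and the flake.lock hunks of this commit resolve its `nixpkgs` to a separate node from the root's `nixpkgs_3`. The browser and mail client are therefore built against the nixpkgs revision that flake pins, so security updates for them and their libraries do not follow this repository's own nixpkgs bumps. If the external flake builds against the root pin, add `firefox.inputs.nixpkgs.follows = "nixpkgs";`; otherwise add a comment saying why it needs its own pin. The URL also carries no `ref` or `rev`, so the pinned revision rests entirely on the `rev` and `narHash` in flake.lock, and lock-file changes to this input deserve review.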
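Review bot: `package = firefox.packages.${pkgs.system}.firefox;` takes the browser from the external flake's package set, so this repository's overlays presumably no longer apply to it. The later hunks of this file also delete the HTTPS-only, tracking-protection, telemetry and password-autofill preferences, and the diff does not show where they are set now. If those defaults moved into the external package, say so beside this line, e.g. `# hardening prefs (HTTPS-only, tracking protection, telemetry off) are set by the firefox flake's package`; if they did not, the profile falls back to upstream defaults. The same substitution is made for `programs.thunderbird.package` in home/config/nil/thunderbird.nix, and the enclosing `lib.mkIf` block continues outside this hunk.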
@@ -49,87 +39,7 @@ in lib.mkIf (osConfig.hardware.graphics.enable or false) { "font.name.monospace.x-western" = "Fira Code"; # hardware acceleration - "gfx.webrender.all" = true; "layers.acceleration.force-enabled" = true; - "media.ffmpeg.vaapi.enabled" = true; - - # always ask for download location - "browser.download.useDownloadDir" = false; - - # disable firefox tab - "browser.tabs.firefox-view" = false; - - # disable firefox intro tab - "browser.startup.homepage_override.mstone" = "ignore"; - - # disable default browser check - "browser.shell.checkDefaultBrowser" = false; - - # private containor for new tab page thumbnails - "privacy.usercontext.about_newtab_segregation.enabled" = true; - - # disable Beacons API - "beacon.enabled" = false; - - # disable pings - "browser.send_pings" = false; - - # strip query parameters - "privacy.query_stripping" = true; - - # disable access to device sensors - "device.sensors.enabled" = false; - "dom.battery.enabled" = false; - - # disable media auto‐play - "media.autoplay.enabled" = false; - - # block third‐party cookies - "network.cookie.cookieBehavior" = 1; - - # spoof referrer header - "network.http.referer.spoofSource" = true; - - # isolate all browser identifier sources - "privacy.firstparty.isolate" = true; - - # resist fingerprinting - #"privacy.resistFingerprinting" = true; - - # enable built‐in tracking protection - "privacy.trackingprotection.enabled" = true; - "privacy.trackingprotection.emailtracking.enabled" = true; - "privacy.trackingprotection.socialtracking.enabled" = true; - - # disable data sharing - "app.normandy.enabled" = false; - "app.shield.optoutstudies.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - - # disable safebrowsing - "browser.safebrowsing.downloads.enabled" = false; - "browser.safebrowsing.malware.enabled" = false; - "browser.safebrowsing.phishing.enabled" = false; - - # disable firefox account - "identity.fxaccounts.enabled" = false; - - # disable sponsored items - 
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.enhanced" = false; - - # disable Pocket - "extensions.pocket.enabled" = false; - - # disable crash reporting - "browser.tabs.crashReporting.sendReport" = false; - "breakpad.reportURL" = ""; - - # disable accessibility services - "accessibility.force_disabled" = true; - - # disable password auto‐fill - "signon.autofillForms" = false; # enable user profile customisation "toolkit.legacyUserProfileCustomizations.stylesheets" = true; diff --git a/home/config/nil/thunderbird.nix b/home/config/nil/thunderbird.nix index a877029..2098a41 100644 --- a/home/config/nil/thunderbird.nix +++ b/home/config/nil/thunderbird.nix @@ -1,10 +1,10 @@ -{ ... }: { config, lib, pkgs, ... }@args: +{ firefox, ... }: { config, lib, pkgs, ... }@args: let osConfig = args.osConfig or { }; in lib.mkIf (osConfig.hardware.graphics.enable or false) { programs.thunderbird = { enable = true; - package = pkgs.thunderbird; + package = firefox.packages.${pkgs.system}.thunderbird; profiles = { }; }; } diff --git a/overlay/mimalloc.nix b/overlay/mimalloc.nix index 3c16203..4c2563f 100644 --- a/overlay/mimalloc.nix +++ b/overlay/mimalloc.nix @@ -15,22 +15,6 @@ in { secureBuild = true; }; - firefox = (final.wrapFirefox final.firefox-unwrapped { }).overrideAttrs (prevAttrs: { - buildCommand = prevAttrs.buildCommand + '' - sed -i \ - '$i export MIMALLOC_RESERVE_HUGE_OS_PAGES=2' \ - "$out/bin/firefox" - ''; - }); - - thunderbird = (final.wrapThunderbird final.thunderbird-unwrapped { }).overrideAttrs (prevAttrs: { - buildCommand = prevAttrs.buildCommand + '' - sed -i \ - '$i export MIMALLOC_RESERVE_HUGE_OS_PAGES=2' \ - "$out/bin/thunderbird" - ''; - }); - fractal = prev.fractal.overrideAttrs (prevAttrs: { nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ final.makeBinaryWrapper ]; buildInputs = prevAttrs.buildInputs or [ ] ++ [ final.mimalloc ]; 
diff --git a/overlay/modern-minimal.nix b/overlay/modern-minimal.nix index 52e434b..2404d2e 100644 --- a/overlay/modern-minimal.nix +++ b/overlay/modern-minimal.nix @@ -91,23 +91,6 @@ in genAttrs [ withSsh = false; }; - firefox-unwrapped = (prev.firefox-unwrapped.overrideAttrs (prevAttrs: { - buildInputs = prevAttrs.buildInputs or [ ] - ++ [ final.alsa-lib ]; - - configureFlags = prevAttrs.configureFlags or [ ] - |> substituteFlags { - "--enable-default-toolkit=.*" = "--enable-default-toolkit=cairo-gtk3-wayland-only"; - }; - })).override { - alsaSupport = false; - gssSupport = false; - jemallocSupport = false; - sndioSupport = false; - }; - - firefox = final.wrapFirefox final.firefox-unwrapped { }; - gammastep = prev.gammastep.override { withRandr = false; }; @@ -344,17 +327,6 @@ in genAttrs [ withIptables = false; }; - thunderbird-unwrapped = (prev.thunderbird-unwrapped.overrideAttrs (prevAttrs: { - configureFlags = prevAttrs.configureFlags or [ ] - |> substituteFlags { - "--enable-default-toolkit=.*" = "--enable-default-toolkit=cairo-gtk3-wayland-only"; - }; - })).override { - jemallocSupport = false; - }; - - thunderbird = final.wrapThunderbird final.thunderbird-unwrapped { }; - w3m = prev.w3m.override { x11Support = false; imlib2 = final.imlib2;