diff -Nru thunderbird-68.8.0+build2/debian/changelog thunderbird-68.8.0+build2/debian/changelog
--- thunderbird-68.8.0+build2/debian/changelog	2020-05-07 21:14:50.000000000 +0000
+++ thunderbird-68.8.0+build2/debian/changelog	2020-05-13 12:52:11.000000000 +0000
@@ -1,3 +1,11 @@
+thunderbird (1:68.8.0+build2-0ubuntu0.16.04.2) xenial; urgency=medium
+
+  [ Dariusz Gadomski ]
+  * Disable reading /proc/sys/crypto/fips_enabled if FIPS is not enabled on
+    build (LP: #1878155)
+
+ -- Olivier Tilloy <olivier.tilloy@canonical.com>  Wed, 13 May 2020 14:52:11 +0200
+
 thunderbird (1:68.8.0+build2-0ubuntu0.16.04.1) xenial; urgency=medium
 
   * New upstream stable release (68.8.0build2)
diff -Nru thunderbird-68.8.0+build2/debian/patches/nss_disable_fips_enabled_flag.patch thunderbird-68.8.0+build2/debian/patches/nss_disable_fips_enabled_flag.patch
--- thunderbird-68.8.0+build2/debian/patches/nss_disable_fips_enabled_flag.patch	1970-01-01 00:00:00.000000000 +0000
+++ thunderbird-68.8.0+build2/debian/patches/nss_disable_fips_enabled_flag.patch	2020-05-13 12:51:19.000000000 +0000
@@ -0,0 +1,43 @@
+Description: Disable reading fips_enabled if FIPS is not enabled on build
+Origin: upstream, https://hg.mozilla.org/projects/nss/rev/55ba54adfcaea2f984a999a511eec5047462eb57
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1878155
+Last-Update: 2020-05-12
+
+--- thunderbird-68.8.0+build2.orig/security/nss/lib/pk11wrap/pk11util.c
++++ thunderbird-68.8.0+build2/security/nss/lib/pk11wrap/pk11util.c
+@@ -99,6 +99,7 @@ int
+ secmod_GetSystemFIPSEnabled(void)
+ {
+ #ifdef LINUX
++#ifndef NSS_FIPS_DISABLED
+     FILE *f;
+     char d;
+     size_t size;
+@@ -117,6 +118,7 @@ secmod_GetSystemFIPSEnabled(void)
+         return 1;
+     }
+ #endif
++#endif
+     return 0;
+ }
+ 
+--- thunderbird-68.8.0+build2.orig/security/nss/lib/sysinit/nsssysinit.c
++++ thunderbird-68.8.0+build2/security/nss/lib/sysinit/nsssysinit.c
+@@ -168,6 +168,7 @@ getFIPSEnv(void)
+ static PRBool
+ getFIPSMode(void)
+ {
++#ifndef NSS_FIPS_DISABLED
+     FILE *f;
+     char d;
+     size_t size;
+@@ -186,6 +187,9 @@ getFIPSMode(void)
+     if (d != '1')
+         return PR_FALSE;
+     return PR_TRUE;
++#else
++    return PR_FALSE;
++#endif
+ }
+ 
+ #define NSS_DEFAULT_FLAGS "flags=readonly"
diff -Nru thunderbird-68.8.0+build2/debian/patches/series thunderbird-68.8.0+build2/debian/patches/series
--- thunderbird-68.8.0+build2/debian/patches/series	2020-01-10 17:00:10.000000000 +0000
+++ thunderbird-68.8.0+build2/debian/patches/series	2020-05-13 12:51:40.000000000 +0000
@@ -12,4 +12,5 @@
 ppc64el-workaround-bug-1555531.patch
 s390x-fix-hidden-symbol.patch
 armhf-clang-no-integrated-as-for-neon.patch
+nss_disable_fips_enabled_flag.patch
 drop-check-glibc-symbols.patch