I can confirm this bug as I originally reported it on Mozilla's bugzilla. 
  The folks at Mozilla cannot confirm the bug on other flavors of Linux nor on Windows. The bug only seems to exist on various versions of SuSE products. 
   I use Tumbleweed. I have ended up allowing all remote content to be allowed in Thunderbird for now, but of course that is never a good idea.

Same here - OpenSUSE LEAP 42.3, and
 
MozillaThunderbird-52.6-1.4.x86_64
MozillaFirefox-59.0.1-3.1.x86_64

both from the Mozilla repo for 42.3.

I can confirm the above-mentioned issue with current Leap 15.0 (build 164.1), with and without the Mozilla repo enabled.

A further experiment:

1. download TB from Mozilla for Linux 64-bit, from here
https://www.mozilla.org/en-US/thunderbird/all/
2. Unpack and run that TB version (52.7.0 at the time of this writing).
3. Look into remote content preferences - all of my old preferences are still there! (And that is after the SUSE build from the Mozilla repo fails to see them, and setting them new there does not lead to any stored settings on exiting TB.)

From the descriptions here I have no idea really why our package should behave differently.
Just one question to be sure: Are you running under KDE or any other desktop?

I'm running under KDE Plasma, but I believe the behavior is the same even if I login to an LXDE session.

Running Thunderbird 52.7-1.7 from the Tumbleweed Mozilla repo and the behavior hasn't changed. I add exception; save; close and reopen Thunderbird, and the exceptions are no longer there.

Where does Thunderbird save the information on "Allow remote content"? Are these permissions.sqlite and content-prefs.sqlite? Maybe they are never touched/changed.

  I can also confirm that the problem is not limited to Plasma. I am currently in an LXDE session and have duplicated the results. 
  I add the exceptions using the button located in the warning banner at the top of the message body. I then open preferences to verify that they were added. After confirmation, I hit "save changes" and close preferences. After closing and restarting Thunderbird, there are no exceptions in the info box.

I'm seeing this on Gnome on Tumbleweed. I've not checked the databases.

I'm running ctwm, so the WM is definitely not involved.

@comment #8: it's permissions.sqlite, and as I wrote the initial report: looking at the strace output you can see that the SuSE TB isn't even trying to read/write this file. It doesn't show up in the whole strace log, in contrast to the mozilla TB version. So the problem first happens when hitting the Save button. It seems that the button doesn't cause any action.

(In reply to Frank Steiner from comment #11)
> I'm running ctwm, so the WM is definitely not involved.
> 
> @comment #8: it's permissions.sqlite, and as I wrote the initial report:
> looking at the strace output you can see that the SuSE TB isn't even trying
> to read/write this file. It doesn't show up in the whole strace log, in
> contrast to the mozilla TB version. So the problem first happens when
> hitting the Save button. It seems that the button doesn't cause any action.

Yes, that is consistent with my observations, too. The original TB 52.7.0 Linux 64-bit build from Mozilla.org (not the SUSE Mozilla repo!) does everything right and stores the remote content exceptions in permissions.sqlite, but the SUSE builds (from both the Mozilla repo, and the "normal" Leap repos) don't even try to touch the file.

There is a further observation: even though a valid permissions.sqlite file is there (as demonstrated by the TB build from Mozilla.org, and it can also be read without problems with sqlitebrowser for example), TB on SUSE does not only not store new exceptions, but it also fails to read the existing exceptions from permissions.sqlite - opening the preferences dialogue shows an empty exceptions list.

File permissions are
-rw-r--r-- permissions.sqlite

(In reply to Helmut Walle from comment #13)
> There is a further observation: even though a valid permissions.sqlite file
> is there (as demonstrated by the TB build from Mozilla.org, and it can also
> be read without problems with sqlitebrowser for example), TB on SUSE does
> not only not store new exceptions, but it also fails to read the existing
> exceptions from permissions.sqlite - opening the preferences dialogue shows
> an empty exceptions list.
> 
> File permissions are
> -rw-r--r-- permissions.sqlite

On current TW and Leap 15.0 I have
-rw------- permissions.sqlite

On my Tumbleweed machine, permissions.sqlite has not been written to since Feb 6 of this year. I use Thunderbird multiple times every day. I am assuming that an update on or after Feb 6 is where the problem started. I'll look at the changelogs via Yast, but I don't know if they will give much info. I update my system each time I boot, so the date mentioned should be quite close.

I see 10th Feb as the last modified date.

Implies something changed with v52.6 on 30th January (https://build.opensuse.org/package/revisions/openSUSE:Factory/MozillaThunderbird#commit_item_188) since the next commit is 18th February?

(In reply to IB Board from comment #16)
> I see 10th Feb as the last modified date.
> 
> Implies something changed with v52.6 on 30th January
> (https://build.opensuse.org/package/revisions/openSUSE:Factory/
> MozillaThunderbird#commit_item_188) since the next commit is 18th February?

I have tested TB 52.0 dated 25 Aug 2017 from the openSUSE Mozilla Beta repo for Tumbleweed (https://download.opensuse.org/repositories/mozilla:/beta/openSUSE_Tumbleweed), getting the same issue as decribed here.

I have the same problem in Seamonkey 2.46 under OpenSuse Leap 42.3 (using the usual repositories).

I am quite sure that the problem started a few days ago when an update for the mozilla-nss and mozilla-nspr packages came. I think the mozilla-nspr package is the one to blame.

While investigating the problem I found out the strange fact, that deleting prefs.js causes permissions.sqlite to be read once during the next start (but not subsequently).

Even more strange: It is sufficient to remove exactly two preferences before starting seamonkey: browser.places.smartBookmarksVersion and extensions.databaseSchema . If I do this, permissions.sqlite is read normally and everything works. I must admit, that I do not understand why this works.

  Does this act as a persistent workaround, or does it only work a single time, as deleting prefs.js did in your previous comment?

No, I have to delete the entries *every* time before starting Seamonkey...

This is getting stranger all the time: While removing the both preferences works for a test user, it does *not* work for the user on my system which I use for surfing, which has a much larger prefs.js . I have no idea how this all fits together.

  The fact that this seems to affect both Thunderbird and Seamonkey seems to support your idea that the problem is with a Mozilla support package such as nss or nspr rather than the actual program packages.

The odd thing with attributing it to mozilla-nss/nspr is that my database was last modified on the 10th Feb, but /var/log/zypp/history says that mozilla-nss was updated on the 24th January and mozilla-nspr was on the 17th January! Meanwhile I installed Thunderbird 52.6-1.1 on 7th Feb.

Given that I use my computers most days and shut it down every night then that's quite a gap between install date and last modification when it would have been running with a supposedly "broken" library (at least on my system).

And just to cross off a potential cause: I just found this problem (https://support.mozilla.org/en-US/questions/1165994) and disabled all addons and restarted TB, but I still get the broken "remote content" behaviour.

Also, TB 52.0 from Mozilla:beta (https://build.opensuse.org/package/binaries/mozilla:beta/thunderbird/openSUSE_Tumbleweed) has horribly broken rendering *and* doesn't fix the problem.

    I'm up to Thunderbird-52.7.0 (64 bit) and the problem persists. My "prefs.sqlite" file has still not been modified since Feb, 06 of this year, as was true in my post from April.

I made some additional tests to see if the problem really comes from mozilla-nspr.

So I downloaded the NSPR package from the Mozilla server, which, for sure, has no Opensuse specific patches, and compiled it by myself. The problem persists.

Then I thought of a compiler bug. So I compiled NSPR using clang rather than gcc. The problem persists.

So has it really to do with NSPR? The only evidence that I have is that it started on the day when an mozilla-nspr update was received.

FYI, update to Thunderbird 52.8 from the openSUSE Mozilla repo does not solve the issue described here. Finding the culprit seems like looking for a needle in a haystack.

We'll soon have Thunderbird 60 candidate builds. If it's indeed caused by something around NSPR or NSS there is a chance that it's fixed with the new version.

I can confirm that it's related to NSPR or NSS. I've built a test package with NSPR and NSS included in tree (which are older versions than what we ship as system libs).
This package will also appear in OBS mozilla:experimental if people want to try.

I'm 95% sure that it is NSS and will try that out still.

My assumption for the moment is that
- update to TB 60 will fix the issue once it arrives
- NSPR or NSS is not as backward compatible as it is meant to be and I'll
  discuss with upstream developers as soon as I have a pointer to the 
  definitive library.

So according to my testing it's really mozilla-nss which most likely is causing the issue. Will see if we can find a solution before we are going to TB60 anyway.

There is one more possibility: libsqlite

mozilla-nss requires and loads the system lib libsqlite3.so while Thunderbird ships its own libmozsqlite3.so. While the lib name is different the symbols are the same. So it's pretty much unpredictable which function is used in the TB process.

TB52 has 3.17.0 while Leap 42.3 has 3.8.10.2.

Firefox has the same actually but I have no similar bugreports for that one though.
Therefore this is still something like a guess but I will do some further testing.

I did a bit more tests.

My current conclusion is that the libsqlite pulled in by NSS and conflicting with the built-in sqlite in Thunderbird.

The problem(s):
- on 42.3 the system sqlite3 is too old and TB refuses to compile with it
  therefore I see no way in being able to streamline the versions
- on 15.0 and TW I could build TB with system sqlite at the moment which fixes
  the issue. Still this has some risk as sqlite breakage is not obvious so
  we might run into issues later

What I do not really understand is why Fedora seems unaffected while they seem to use the same compile time options when it comes to sqlite in relation with NSS and Thunderbird.

(In reply to Wolfgang Rosenauer from comment #34)
> I did a bit more tests.
> 
> My current conclusion is that the libsqlite pulled in by NSS and conflicting
> with the built-in sqlite in Thunderbird.
> 
> The problem(s):
> - on 42.3 the system sqlite3 is too old and TB refuses to compile with it
>   therefore I see no way in being able to streamline the versions
> - on 15.0 and TW I could build TB with system sqlite at the moment which
> fixes
>   the issue. Still this has some risk as sqlite breakage is not obvious so
>   we might run into issues later
> 
> What I do not really understand is why Fedora seems unaffected while they
> seem to use the same compile time options when it comes to sqlite in
> relation with NSS and Thunderbird.

Who says that Fedora is not affected? Unfortunately, I do not have it installed, but maybe someone else could check for the above issue within Fedora.

(In reply to Frank Kruger from comment #35)
> Who says that Fedora is not affected? Unfortunately, I do not have it
> installed, but maybe someone else could check for the above issue within
> Fedora.

Nobody here. But looking at Google I haven't seen reports which indicate that another flavour is affected.
If somebody has easy access (aka installed) Fedora or Ubuntu I would be curious to know.

(In reply to Wolfgang Rosenauer from comment #36)
> If somebody has easy access (aka installed) Fedora or Ubuntu I would be
> curious to know.

I do not see this problem on up-to-date Ubuntu 16.04 (thunderbird 52.8.0+build1-0ubuntu0.16.04.1 )

Thanks to Wolfgang for investigating the problem.

Yesterday I upgraded my system to OpenSuse 15.0, and the problem still persists in Seamonkey (version 2.49.1 from the OpenSuse repositories).

*** Bug 1095686 has been marked as a duplicate of this bug. ***

Another report hit where TB forgot a different setting.
Seems to be SLE/openSUSE specific:
https://bugzilla.mozilla.org/show_bug.cgi?id=1465830

For information I can confirm my bug (relating to "Use Paragraph format instead of Body Text by default") does not exist in Fedora 28 nor Ubuntu 18.04 using the same version of Thunderbird, so this does seem to be SUSE specific.

Another observation having just inadvertently 'fixed' my issue relating to the lack of persistence of the paragraph settings:

I just downloaded TB 60 Beta 4 from Mozilla's web site:

https://www.thunderbird.net/en-US/channel/

I unpacked it, and in the terminal CD'd to the new directory and launched TB 60 by typing "./thunderbird'.

This loaded TB 60 and imported my settings automatically. I quit, and re-launched TB 52.8.0 and now observe that when I change the paragraph setting, quit & relaunch TB, it now remembers the setting correctly.

So for me it seems the action of launching TB 60 has somehow solved the issue I have on TB 52.8.0. OK, not a permanent fix, but hopefully useful information. The plot thickens...!

(In reply to Nicholas Harvey from comment #42)
> …
> So for me it seems the action of launching TB 60 has somehow solved the
> issue I have on TB 52.8.0. OK, not a permanent fix, but hopefully useful
> information. The plot thickens...!

Can't confirm that fix here, unfortunately.

Downloaded TB60 from Mozilla. Ran it. Remote images appeared (which is known - vanilla Mozilla builds aren't affected). Quit. Ran stock Thunderbird from Tumbleweed (MozillaThunderbird-52.8-1.1.x86_64) and the images didn't show. Enabled the remote content domains, restarted Thunderbird, images still didn't show.

I even tried after enabling a new domain in TB60, in case it triggered a change that fixed something. No luck.

The plot thickens further!

Any movement on this bug? 
I see it is marked as NEEDINFO but i don't see any request from anyone for info. Is that flag erroneous?
I'm using Leap 42.3 with TB "52.9.0-68.1-x86_64 from vendor OpenSUSE" (according to Yast) and my remote content exceptions disappear every time TB is restarted.

I still have a bit of the suspicion that it might be related to the crypto library NSS.
Stock Thunderbird comes with a quite old one and on openSUSE we use a much more recent one to satisfy Firefox dependencies. I would not expect such an issue resulting from that because that library is meant to be mainly ABI compatible.
As upstream is just about to release version 60 of Thunderbird my hope is that this issue goes away with that version to match Firefox 60esr.

I should have first candidate packages for Thunderbird 60 within the next week or so to see how it behaves.

Same issue here on Tumbleweed (running i3)

thunderbird:
Name        : MozillaThunderbird
Version     : 52.9.1
Release     : 1.2
Architecture: x86_64

os-release:
NAME="openSUSE Tumbleweed"
# VERSION="20180720"

database:
-rw-r--r-- 1 arun users     22528 Jan 30 08:38 permissions.sqlite

looking at the database directly shows that the exceptions are still stored there, but nothing shows up in Thunderbird. Any exceptions I add don't survive a restart.

Please everyone check out Thunderbird 60 as provided from the mozilla repo.
Unless I did something wrong in testing this should apparently fix that issue. Please report back here.

Hi Wolfgang. For my reported scenario I am now able to change the paragraph style settings and these are remembered correctly when I quit and re-launch Thunderbird 60. Many thanks! Nick.

MozillaThunderbird-60.0-lp150.8.1.x86_64 resolves the issue for me. Thanks!

(In reply to Wolfgang Rosenauer from comment #47)
> Please everyone check out Thunderbird 60 as provided from the mozilla repo.
> Unless I did something wrong in testing this should apparently fix that
> issue. Please report back here.

The issue is fixed for me as well. I appreciate it.

Installed MozillaThunderbird-60.0-8.2.x86_64 from https://build.opensuse.org/package/show/mozilla/thunderbird60 on Tumbleweed. Restarted Thunderbird, opened an email with images that I'd previously whitelisted and it loaded them correctly. Opened an email with non-whitelisted images and it still blocked them.

Seems to be good here.

This is an autogenerated message for OBS integration:
This bug (1084603) was mentioned in
https://build.opensuse.org/request/show/627801 Factory / MozillaThunderbird

Can we expect the same issue in Seamonkey to be fixed as well?

This is an autogenerated message for OBS integration:
This bug (1084603) was mentioned in
https://build.opensuse.org/request/show/631833 Factory / MozillaThunderbird

This is an autogenerated message for OBS integration:
This bug (1084603) was mentioned in
https://build.opensuse.org/request/show/632920 15.0+42.3+Backports:SLE-12 / MozillaThunderbird

Releasing Thunderbird 60 for Leap, done

openSUSE-SU-2018:2658-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 1084603,1098998
CVE References: CVE-2018-12359,CVE-2018-12360,CVE-2018-12361,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12367,CVE-2018-12371,CVE-2018-5156,CVE-2018-5187,CVE-2018-5188
Sources used:
openSUSE Leap 42.3 (src):    MozillaThunderbird-60.0-74.1
openSUSE Leap 15.0 (src):    MozillaThunderbird-60.0-lp150.3.14.1

openSUSE-SU-2018:3051-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1066489,1084603,1098998,1107343,1107772,1109363,1109379
CVE References: CVE-2017-16541,CVE-2018-12359,CVE-2018-12360,CVE-2018-12361,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12367,CVE-2018-12371,CVE-2018-12376,CVE-2018-12377,CVE-2018-12378,CVE-2018-12383,CVE-2018-12385,CVE-2018-16541,CVE-2018-5156,CVE-2018-5187,CVE-2018-5188
Sources used:
openSUSE Leap 42.3 (src):    MozillaThunderbird-60.2.1-77.2
openSUSE Leap 15.0 (src):    MozillaThunderbird-60.2.1-lp150.3.19.1

SUSE-SU-2018:3247-1: An update that fixes 19 vulnerabilities is now available.

Category: security (important)
Bug References: 1066489,1084603,1098998,1107343,1107772,1109363,1109379
CVE References: CVE-2017-16541,CVE-2018-12359,CVE-2018-12360,CVE-2018-12361,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12367,CVE-2018-12371,CVE-2018-12376,CVE-2018-12377,CVE-2018-12378,CVE-2018-12383,CVE-2018-12385,CVE-2018-5156,CVE-2018-5187,CVE-2018-5188
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    MozillaThunderbird-60.2.1-3.13.1

openSUSE-SU-2018:3687-1: An update that fixes 25 vulnerabilities is now available.

Category: security (important)
Bug References: 1066489,1084603,1098998,1107343,1107772,1109363,1109379,1112852
CVE References: CVE-2017-16541,CVE-2018-12359,CVE-2018-12360,CVE-2018-12361,CVE-2018-12362,CVE-2018-12363,CVE-2018-12364,CVE-2018-12365,CVE-2018-12366,CVE-2018-12367,CVE-2018-12371,CVE-2018-12376,CVE-2018-12377,CVE-2018-12378,CVE-2018-12383,CVE-2018-12385,CVE-2018-12389,CVE-2018-12390,CVE-2018-12391,CVE-2018-12392,CVE-2018-12393,CVE-2018-16541,CVE-2018-5156,CVE-2018-5187,CVE-2018-5188
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    MozillaThunderbird-60.3.0-74.2