Hi all
In certain online security communities there is a perception that the ‘Safest’ security-level does not properly facilitate disablement of JavaScript and other dynamic functionality. In my testing fortunately have not seen this case.
Suspect this perception may come from a certain incident from 2019 where a Mozilla code-signing certificate expired that caused Firefox and thus Tor Browser to disable all add-ons including NoScript of which Tor Browser security-levels use internally.
Certain communities advocate to globally enforce JavaScript disablement using the about:config property javascript.enabled to false.
If one could ask do Tor Browser developers have comments on the above concern and more importantly have Mozilla and/or Tor Browser developers implemented further mitigations after this incident?
Thank you