That's a reasonable default for 99% of Tor users. For that last 1%, there is the safe/safer/safest slider bar that is a single click away.
Javascript also has nothing to do with these attacks. Even if you turn off Javascript, KAX17 can still attempt end-to-end correlation attacks. This is much scarier than a Javascript browser exploit.
Javascript also has nothing to do with these attacks. Even if you turn off Javascript, KAX17 can still attempt end-to-end correlation attacks. This is much scarier than a Javascript browser exploit.