>>17
Then update their wiki, and mention it. The title of this thread should be called: exploit with JS on Tor browser, or malware in JS. This is also why I use I2P and Freenet for my hidden services, not that Tor shit. Yes, even a Socks proxy hidden gateway.
>>18
For general public, not yet ready. And yeah, the way browsers are being built to send client information in HTTP is pretty much a killer in identifying an user, even if in a firewall/proxy. Why often I bark at most HTTP servers requesting shit they should not have to, and client giving information they shouldn't. Since the inception of HTTP, it's purpose was not anonymity. Actually, tor does not even qualify for that thread level:
https://www.torproject.org/projects/torbrowser/design/