During SR they slipped code into all of the Freedom Hosting sites and then executed an exploit of the Tor Browser Bundle itself for the JavaScript exploit, which unmasked all Tor users on any Freedom Hosting site.
My question is about how that works. Can I infer from this that I never have to actually worry about JavaScript exploits unless LE has found an exploit in the entire Tor Browser Bundle? Am I misunderstanding how this thing worked? Could having JavaScript enabled allow for some code which could unmask me if they haven't found a new exploit in the Tor Browser Bundle?
Yes, if you allow JavaScript you're doomed. LE can manage to either add a script to the website in case of a seizure, or inject raw JS if they can decrypt the packets, and as of now it seems that they CAN decrypt Tor traffic (see https://gizmodo.com/the-nsa-can-probably-break-tors-encryption-keys-1273299782). Disabling JS is not bulletproof, but not doing so is really not a good idea... no way to have both. It would be a great idea to have an ACL or something along the lines of the "function_disabled=" property of php.ini for JavaScript, in order to disable certain calls that could lead to a leak of the real IP (but it's just the dev inside me talking right now).