[flatiron]

what about just toggling javascript.enabled ?

[tmpaccount823]

I can confirm that setting javascript.enabled to false would have prevented that bug in older versions.

I've always thought that the highest security setting would set it to false on its own, but apparently it does not.