"In a tweet, Zerodium said the vulnerability is a full bypass of the "Safest" security level of the NoScript extension that's included by default with all Tor Browser distributions..." https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/