Tor Project releases Tor Browser 9.0.7 with a permanent fix for a bug that allowed JavaScript code to run on the Safest security level in some situations while using the previous Tor Browser version. Tor Browser users are relying on its security features to anonymously browse the Internet without tracking, surveillance, or censorship. Users were recommended to follow toggle off the javascript.enabled flag within the browser’s about:config dialog. Tor Project: “If you browse on Tor Browser’s “”Safest”” security level: This release disables Javascript”””
Source: https://www.bleepingcomputer.com/news/security/tor-browser-907-patches-bug-that-could-deanonymize-users/