A digital signing flaw killed NoScript security add-ons for Firefox and Tor browsers. A fix is available for Firefox, but no patch is yet available for Tor users. NoScript is a Java-blocker that prevents active content from running if it s from untrusted sites. Mozilla has pushed out a fix in version 66.0.4 of Firefox on Desktop and Android, and version 60.6.2 for ESR. No fix for Tor has yet been released.
Source: https://threatpost.com/tor-security-noscript-mozilla/144382/