I noticed that Firefox with version 23 removed option to turn OFF JavaScriipt from Tools > Options > Content menu http://www.extremetech.com/computing/163291-firefox-23-finally-kills-the-blink-tag-removes-ability-to-turn-off-javascript-introduces-new-logo Recent events when allegedly FBI used JavaScript in iframe to exploit bug in Firefox with intentions to uncover identity of users of TOR network encouraged me to play with security settings a bit. More about how FBI exploited Firefox bug to execute malitious JavaScript on users computers: https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html More biased articles can be found in popular media articles. Just google "TOR exploit FBI" ISSUE: Symptoms: I noticed that turning iFrames OFF in about:config > browser.frames.enabled;false seems to not be working as expected. Iframes are still shown and JavaScript in them is executed. Doesnt work even after resterting Firefox. Testing: I used this pages to test iFrames: •https://sites.google.com/site/annuairevin/test-page •http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe •http://www.quirksmode.org/iframetest.html After I turned browser.frames.enabled OFF and restarted I noticed that iFrames are still shown on all 3 pages and JavaScript in them would be executed. By blocking IFRAMES with NoScript blocking turned ON (you have to turn forbidding IFRAMES on manually in options http://i.imgur.com/7jctoTW.png) I managed to block IFRAMES on google and w3school pages. !!!Text in iframe "Test page in iframe" on quirksmode test page was still shown even after I have frames turned OFF in about:config and I block all scripts and frames and iframes with NoScript. If I open same page (http://www.quirksmode.org/iframetest.html) with Opera with iFrames blocked in Preferences, iFrame is not shown at all, browser doesnt even render empty square; but JavaScript in it is executed, if you dont disable JavaScript in Preferences > Advanced. I didnt test Chrome at all. Possible things that can cause bug: •I am using NoScript 2.6.7, I turned it off and on but it is possible that it is overriding Firefox settings in about:config. when you serach about:config for "frames" there are many settings mentioning frames from NoScript and AdBlockPlus. •AdBlock Plus 2.3.2? Same reason as NoScript. •Fot the first time I noticed Shield in the address bar with "Firefox has blocked content that isnt secure" bubble. http://i.imgur.com/K4FL65n.png. I dont know how long this feature is implemented or what exactly it does, here are some details: https://support.mozilla.org/en-US/kb/how-does-content-isnt-secure-affect-my-safety?as=u&utm_source=inproduct P.S. Just small remark. If that is true: "Finally, Firefox 23 removes the option to disable JavaScript from the Options pane — and if you had JavaScript turned off, it has been turned back on." There should be some warning when Firefox is updated that JS was turned ON. I think that for me FF updated silently without any messages. OR maybe I blatantly closed some windows, i dont remember well.