The RC4 cipher flags in TBB must be set to "false" by default

Related to the obsolete/broken RC4 cipher, the TBB v5.0.3 about:config -> RC4 has 5 flags set to "true" by default

security.ssl3.ecdhe_ecdsa_rc4_128_sha;true security.ssl3.ecdhe_rsa_rc4_128_sha;true security.ssl3.rsa_rc4_128_md5;true security.ssl3.rsa_rc4_128_sha;true security.tls.unrestricted_rc4_fallback;true

Since the RC4 was proved insecure and obsolete, the TBB must avoid using this by default

https://community.qualys.com/blogs/securitylabs/2015/05/21/ssl-labs-117-obsolete-crypto-rc4-and-logjam

Trac:
Username: TORques