Block Components.lookupMethod in TorBrowser
It appears that EMCAScript 5 added official support for hooking JS objects for protection against XSS. However Firefox seems to have left a backdoor to undo these hooks in the form of Components.lookupMethod, which is marked "unconfigurable" (which means it cannot be hooked).
We should remove this bit, and/or neuter this API in TorBrowser. This should allow us to safely write JS hooks to deal with fingerprinting issues in the window object and the DOM.