Block access to Components.interfaces from content script
Components.interfaces can be used to fingerprint browser user agent down to OS and minor version. This might not be a lot of data for fingerprinting (depending on how well we keep users upgraded), but it certainly is a concern for targeting exploit payloads against a particular OS and version combo.
Here's an (outdated) PoC: http://pseudo-flaw.net/tor/torbutton/fingerprint-firefox.html
Here's the Firefox bug for this: https://bugzilla.mozilla.org/show_bug.cgi?id=429070