NoScript leaks browser locale if objects are blocked and JavaScript is allowed
If one customizes NoScript in a way that objects are blocked and JavaScript is enabled then the browser locale is leaked even if the user opted in in hiding it. This issue got reported to our HackerOne bug bounty program by ryotak, thanks!
A copy of the developed PoC can be found at: https://people.torproject.org/~gk/tests/poc_noscript_locale_leak.html.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information