Allowing only HTTPS JavaScript on the medium security slider level is broken

isGlobalHttps: function(win, /*optional */ s) {
    let allow = false;
    if (s && !this._isHttpsAndNotUntrusted(s)) return false;

    for (;; win = win.parent) {
      let site = this.getSite(this.getPrincipalOrigin(this.getPrincipal(win.document)));
      if (!(allow = s && site === s || this._isHttpsAndNotUntrusted(site)) || win === win.parent)
        break;
      s = site;
    }

    return allow;
  },

let site = this.getSite(this.getPrincipalOrigin(this.getPrincipal(win.document)));

breaks as win is null.

This happens on a Tor Browser nightly with e10s enabled and based on ESR52 (tested on Linux 64 bits). The result is that the NoScript icon does not get updated anymore and I guess all JS is disabled (I have not verified that).

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information