Hello,
it seems that the latest Tails (1.3) ships with a vulnerable version of
NoScript, that allows to bypass the "Disable Scripts" settings. I know
that this is outside the threat model of Tails, since scripts are
enabled by default, but since some users are manually activating this
setting, I think that it's still relevant.
Anyway, I wrote a quick'n'dirty proof of concept for this vuln, if you
want to play a bit with it:
http://dustri.org/b/noscript-script-disabled-bypass-poc-for-tails-13.html
Cheers,