>FF 0day isn't all that expensive so simply disabling JavaScript won't be an option in the future
Do you have any example of exploit that would no require javascript? AFAIK they are usually about javascript memory handling in order to evade the sandbox
Just go through FF CVEs and look for vulnerabilities that enable remote code execution without .js like .cpp malformed text rendering.
Doesn't seem to me that the FBI cares about hiding the fact your browser has been exploited as their last known attempt (freedom hosting) didn't try very hard to cover it's tracks.
I'm not too sure about Firefox specifically but I know there were some vulnerabilities in image format handling etc. that could be exploited without JS; this is the most prominent one that comes to mind:
However, to evade detection and frustrate any reverse-engineering attempts, even these sorts of exploits are usually "packaged" in an obfuscated JS wrapper, so they would still require it enabled to work.
Do you have any example of exploit that would no require javascript? AFAIK they are usually about javascript memory handling in order to evade the sandbox