Re: "visit a website containing malicious JavaScript"
NoScript really doesn't help in this case. The best route to weaponize this would be to compromise a popular website and inject the malicious JavaScript. Provided it is one of the many sites that requires JavaScript to function, it will be whitelisted for most NoScript users.