Disabling JIT?
Unless they do something similar to NoScript most of the scripting attack vectors are still there.
I am aware that NoScript is probably a bit too much hassle for non technical users as half the web sites display something along the lines of "please enable scripting, this site depends on it" and another quarter simply displays a blank page.
I still wonder why no browser allows to block scripts by default but allow them for specific sites in a session in a simple way like NoScript for advanced users.
Biting the hand that feeds IT
