The best thing you can do for your security is switch to Tails or Whonix. There are other ways a browser can be exploited besides JavaScript, and the next payload that LE delivers may target Linux and OS X as well, but at least with Tails, if you are not running as root, it would be more difficult to bypass Tor. Whonix is even more secure than Tails, because bypassing Tor requires breaking out of the VM, and I haven't heard of an exploit for that in the last few years, although there have been privilege escalation exploits to gain root access on Linux (which would affect Tails). The downside is the VMs obviously exist on your hard drive so it's not a "leave no trace" solution like Tails, and the Workstation VM does not have disk encryption out of the box, so you'd have to store it in an encrypted volume yourself, or install a custom OS with full disk encryption of the virtual hard disk. So making it safer in that regard is more difficult. Tails is more of a plug-n-play solution.