The worst is when they redirect you to some /nojs page or similar that doesn’t even have scripts from whatever source was required for it to run so I can’t just tell noscript to allow whatever seems relevant, I have to blanket allow scripts temporarily.

The exploit is years old and has been unknown until recently, and they specifically didn’t list which versions are affected to avoid making it easier to figure out through code changes.