The default Tor client ships with a JavaScript-enabled Firefox that is constantly receiving security updates - visit the wrong website and splat.