The issues with javascript are not for trying to bypass Tor itself, it is things like remotely turning on your webcam, accessing other devices on the network that are also vulnerable and might contain GPS. It is also possible to access information as i wrote before to identify you by how you move your mouse, pc specs, screen size, plugins and your browsing habits. These are all things the NSA and other agencies use when targeting users.
This video also applies to Tor:
If you have a phone on the network; apps and your usage can also identify who you are. You also must have Tor on at all times, at home and away. If you take your phone outside, don’t use Tor, and come home to a Tor router, you have done nothing for your privacy/security.