A very bad news have been published this Week End about Yahoo.com related with malware implant on users computers.
Please read the articles here and check yourself if you have been possibly infected on the computer used for Clearnet (if it is a different PC).
These malwares that were allowed to infect users computers are not trivial malwares please take this news very seriously if you are concerned :
ZeuS
Andromeda
Dorkbot/Ngrbot
Advertisement clicking malware
Tinba/Zusy
Necurs
The problem is related to Java but not directly "Javascript", sorry for my mistake in the OP about this. thanks to the user "ubeek" on this thread to have corrected me on that.
This was NOT related to Javascript. The exploits entry point was through JAVA, not JS.
This is detailed in two of the 3 articles you linked, even going as far as stating that Java is not the same as Javascript. Yes, there are risks in leaving JavaScript enabled, this was not one of them.