GitHub relies way too much on the UA, and none of our browsers provides GitHub with a suitable UA out of the box (or .7z). Well, Serpent 52 does, but only in "native" move (not in FF-compatible mode). So Iset an SSUAO with Serpent 52's native UA string, Mozilla/5.0 (Windows NT 6.1; rv:52.0) Goanna/4.4 Basilisk/52.9.0, for github.com (to be consistent and safe, I also set the same SSUAO for githubassets.com and githubusercontent.com, although I don't think those are strictly necessary).
Note that FF 60.9 also works, but the MCP's latest browsers now default to FF 68.9, which doesn't work (unless you're running a Quantum browser).
It's nonsense like this that makes me somewhat sympathetic to what Google is proposing to do with user agents. Web sites should base their functionality on the capabilities of the browser, not its version or what OS it's running on.
I've been wondering the same thing. My first thought was that the vulnerability probably affects versions based on FF 49, when the JS engine was rewritten, or later; if so, then FF 45, NM 27, ArcticFox, etc. wouldn't be vulnerable. But as you say, the javascript.options.ion pref does exist in those older browser versions, so I'm not all that confident about that assessment.