icedove is not the best email client for privacy-conscious folks
- it has a built-in web browser; and it the ability to configure
its behavior is minimal - im not sure; but that javascript
setting may only affect the web browser

overall, i would suggest using claws-mail, sylpheed, or some
other one, which does not have a built-in web browser - for
icedove, there is a 'icedove-hardened-preferences' package in the
[nonprism] repo, which disables many features of that sort,
including 'javascript.enabled'

https://git.parabola.nu/abslibre.git/tree/nonprism/icedove-hardened-preferences/icedove-branding.js

rather than disabling only javascript though, it is best to
disable rendering of HTML in emails entirely, presenting only the
plain text part of the email - with that setting, some emails
will be empty; but in practice, 99% of email which does not have
a plain text part, is advertisements

that can be done in the GUI; but its a bit clumsy to do, and
difficult to explain how; because the UI is ao awful (these exact
instructions would not have been accurate a few months ago; and
probably wont be accurate in a few months from now) - but today
you can:

• press ALT+f
• use then menu to select: view->message_body_as->plain_text
• press the "hamburger" button
• use the menu to select: preferences->preferences
• click on the "lone ranger mask" button
• deselect 'allow remote content' under the 'mail content' heading