http://krebsonsecurity.com/2013/08/firefox-zero-day-used-in-child-porn-hunt/
“Ironically, all [the malicious code] does is perform a GET request to a new domain, which is hosted outside of the Tor network, while transferring the same UUID,” David said. “That way, whoever is running this exploit can match any Tor user to his true Internet address, and therefore track down the Tor user.”
Two fixes:
1. Disable Javascript in Tor Browser. YOU SHOULD HAVE BEEN DOING THIS FROM THE GET-GO!
2. Get PORTAL: https://github.com/grugq/portal
2a. Install a new OS that supports Full Disk Encryption (such as Linux Mint 15) onto a trusted laptop
2b. Remove the wireless and bluetooth cards
2c. Install PORTAL on a Raspberry Pi
2d. Get at least 1 WiFi USB Adapter (or multiple! Dispose of them!) for the Pi
2e. Run an ethernet cable from your Pi to your new laptop
If you're really concerned about security, do both. There are far more sinister ways they could have used this exploit to unmask Tor users.
At the very least, turn Javascript the fuck off.
