Tor Browser 7.0.9 is released (Linux/MacOS users) – Fixes a critical security flaw that leaks IP address. The vulnerability resides in FireFox that eventually also affects Tor Browser, since the privacy-aware service that allows users to surf the web anonymously uses FireFox at its core. TorMoil vulnerability is triggered when users click on links that begin with file:// addresses, instead of the more common https:// and https:// addresses. The Tor Project has issued a temporary workaround to prevent the real IP leakage.
Source: https://thehackernews.com/2017/11/tor-browser-real-ip.html