An example of the payload that target massively Tor is accessible here : Tor exploit. It consists of one HTML and one CSS file. They are used to get access to "VirtualAlloc" in "kernel32.dll".
Mozilla and Tor released a patch
Who benefits this vulnerability
Update Firefox and Tor
If you are a Firefox or Tor user, you should update them now. The Firefox security release shows the correction of a Firefox SVG Animation Remote Code Execution. The Tor security release writes this : The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available the underlying bug affects those platforms as well. Thus we strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect..