Might not be news to some of you but Certain Exit Nodes are still vulnerable to Heartbleed, and they are leaking Tor users' HTTP requests.
Source: https://github.com/canselcik/tor-exit-nodes_heartbleed
Download from: https://www.torproject.org/download/download.html.en
It's probably helpful to point out that the browser bundle 3.5.4 includes the OpenSSL fix.
As described here
You can check the current browser version number at the upper right of the "Congratulations" page.