CSS features allow real-time tracking
Proof of Concept: https://twitter.com/davywtf/status/1124146339259002881 Code for proof: https://gist.github.com/wybiral/c8f46fdf1fc558d631b55de3a0267771
Beyond simply fingerprinting based on browsing behavior an attacker could also determine the referring page based on the mouse position at page load.
Solutions to fix the problem would break some aesthetic functionality (i.e. no more :hover image changes) but at that cost it would be trivial to prevent.
Ideally we could eliminate all types of asset requests (e.g. image changes) in all types of pseudo-class selectors or prefetch all asset requests on page load. But that proposal sounds bigger than Tor Browser.