What threat do viruses, trojans, scripting attacks, exploits, etc., pose to Tails users? More specifically, supposing the system gets compromised by an attacker (hacker who isn't specifically trying to nail Tor/Tails users), what are the odds my real IP will get leaked?

Also, what are the possible attack vectors? Assuming I have NoScript set to disallow JavaScript and don't download any files.

What threat do viruses, trojans, scripting attacks, exploits, etc., pose to Tails users?

I don't think much is specific to Tails on this topic.

Also, what are the possible attack vectors?

Roughly the same as a regular Debian system. See security for historical data.

Comment by Anonymous Mon 03 Dec 2012 04:41:41 PM CET

Well, in what way do these exploits, malware, etc., undermine anonymity in Tails? Should your computer get infected/compromised, does that mean your real IP will get leaked?

Comment by Anonymous Tue 04 Dec 2012 03:28:12 AM CET

Should your computer get infected/compromised, does that mean your real IP will get leaked?

If that's the adversary's goal, they can probably achieve it somehow.

This is, in part, a drawback of allowing access to resources on the LAN (which is needed for certain use cases).

Comment by Tails Tue 04 Dec 2012 11:24:44 AM CET

It might(?) depend on the router type, but malware could query your router to return your external IP address. There are utilities to do this. I am hoping the specific protocols that can do it are blocked in Tails.

The good news: Linux in general is still far less affected by viruses and trojans than Win or Mac. In nine years of Linux use I have never had a single virus that I know of.

My guess is that the biggest threats to anonymity on Tails (and indeed elsewhere) are probably:

  1. Social engineering attacks which trick the user into revealing their identity or installing a trojan/malware which then either breaks firewall rules or queries your router to determine your ext IP address.

  2. Browser fingerprinting attacks.

  3. Attacks on the Tor network such as a malicious site that takes advantage of a browser vulnerability to circumvent Tor or end-to-end timing attacks.

Comment by Anonymous Tue 04 Dec 2012 02:59:24 PM CET