Circuit reused after New Identity is selected
Not sure if this is a fault of Tor Browser or TorBrowserButton, it would seem that the latter is at fault, but it's a recent regression (it didn't occur in 2.2.35-7.1) and TorButton version didn't change, so I'm a little confused.
Anyway here's the jist, one of the websites I visit (let's call it IP1) detects if certain Tor exit nodes are used and if the IP is blacklisted it redirects (server-side 302) to a specific URL in another domain (let's call it IP2). In the previous TBB, I just selected New Identity from Tor Button and if I was lucky to have a "clean" exit node IP in the new identity, there would be no redirect. In 2.2.35-8 however, I can try New Identity as many times as I want and it will keep redirecting if I had stumbled on a blacklisted exit node once. I have verified by looking at open circuits in Vidalia's Tor Network Map that this is not because the website has banned more Tor exit nodes. I noticed that after I press New Identity, the circuit for "IP1" remains open. Also, loading IP1 in the browser does NOT open a new connection to IP1, it automatically goes straight to IP2 in a new circuit. If I manually close the "stalled" circuit for IP1, I can finally access the website (if the new connection to IP1 comes from a circuit with a "clean" exit node).
TorBrowserButton should ensure that ALL circuits are closed when New Identity is selected. Otherwise, a website can create unique redirects for every connection and identify users across TorButton identities.