<!--[if lt IE 9]>
The above link is actually linking to Google (ajax.googleapis.com):
and not to
as you may think.
One hour after report I received an answer from the TorBroker:
To exploit this vulnerability an attacker would have to control the specific exit node the targeted TorBroker user is currently exiting through. This is not easy to accomplish, so we do not consider this to be a critical vulnerability. However, given the nature of our service we insist on providing the best possible security for our customers, so we have updated the code to remove this point of attack.
Thank you for the report!TorBroker
I confirm that this problem is solved: