The first link above is vulnerable to reverse tabnabbing because it uses target="_blank". Try clicking the link normally, or with a modifier key (shift, meta, etc.), but without using the right-click context menu. You'll be taken to a new tab, and this page will redirect to a fake attacker's "phishing page". The new tab is able to redirect this page using window.opener.location. The second link, however, is protected by blankshield(), the function provided by this library.

Why is this harmful? Because neither the linked-to page nor the phishing page lies on the same domain or origin as this GitHub page. The site doesn't need to be compromised. It just needs to allow user-submitted anchors with target="_blank".
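One way to audit user-submitted markup for such anchors, as an added example that is not part of this page or of blankshield. It assumes links are treated as safe when rel carries the standard noopener or noreferrer link types, which this page does not itself discuss; the function names and sample markup are constructed for illustration.

```javascript
// Added example (not blankshield code): audit user-submitted HTML for anchors
// that open a new tab and leave window.opener available to the linked page.
// Assumption: regex scanning is acceptable for an audit pass; use a real HTML
// parser if you go on to rewrite the markup.

// Parse one opening <a ...> tag into a lower-cased attribute map.
function parseAttrs(tag) {
  const attrs = Object.create(null);
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  const body = tag.slice(2, -1); // drop leading "<a" and trailing ">"
  let m;
  while ((m = re.exec(body)) !== null) {
    const name = m[1].toLowerCase();
    // Browsers keep the first occurrence of a duplicated attribute.
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return every target="_blank" anchor whose rel has neither noopener nor
// noreferrer (noreferrer implies noopener in the HTML standard).
function findOpenerExposedLinks(html) {
  const findings = [];
  // Match <a ...> only; quoted values may contain ">" without ending the tag.
  const tagRe = /<a(?=[\s\/>])(?:"[^"]*"|'[^']*'|[^'">])*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[0]);
    if ((attrs.target || '').trim().toLowerCase() !== '_blank') continue;
    const rel = (attrs.rel || '').toLowerCase().split(/\s+/);
    if (rel.includes('noopener') || rel.includes('noreferrer')) continue;
    findings.push({ href: attrs.href || '', index: m.index });
  }
  return findings;
}

// Constructed sample of user-submitted markup.
const SAMPLE = [
  '<a href="https://example.com/a" target="_blank">plain</a>',
  "<a target='_BLANK' href='https://example.com/b' rel='nofollow'>nofollow only</a>",
  '<a href="https://example.com/c" target="_blank" rel="noopener noreferrer">ok</a>',
  '<a href="https://example.com/d">same tab</a>',
  '<a href=https://example.com/e target=_blank>unquoted</a>',
].join('\n');

for (const f of findOpenerExposedLinks(SAMPLE)) {
  console.log(`opener exposed at offset ${f.index}: ${f.href}`);
}
```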

The following table outlines the scope of affected browsers:

Columns: Browser, Click, Shift + click, Meta/Ctrl + click
Chrome 40: x x x
Firefox 34:
Opera 26: x x x
Safari 7, 8: x
IE6...11: [1]

[1] IE is not vulnerable to the attack by default. However, this can change depending on security zone settings.