You can clone with
HTTPS or Subversion.
In both cases the phrase "form submit" and "onerror" are mentioned. Oh and they're both the same user/report, despite one being on -users and one on -dev.
At the earlier linked jsfiddle page, with the following test script: https://gist.github.com/1647737
git bisect says that 668b18d is the responsible commit, which is not a big surprise.
Revert "Do not pass a chrome window to GM_xmlhttpRequester."
This reverts commit 668b18d.