<p>Launching of arbitrary local application with provided arguments</p>
<p>Filetype spoofing where executables can masquerade as benign content types</p>
<p>Installation & execution of plugins/modules with chrome/native privileges, without user consent or via user dialog fatigue</p> <p>Any crash where random memory or NULL is executed (the top of the stack is not a function)</p> <p>Any crash where random memory is accessed (these are usually marked as [sg:critical?] because they are harder to exploit)</p></td>
</tr>
<tr>