FreeIPA might display user data improperly via vectors involving non-printable characters.
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.
A service worker can send the activate event on itself periodically which allows itself to run perpetually in Firefox before version 60. This allows it to background monitor activity by users such as IP addresses visited.