Today I'll let you in on a trick I developed.
One problem for many researchers is that when they found a browser issue or vulnerability, they must test it on different platforms, and different setups to guarantee that the vulnerability works in most cases. From an attackers standpoint this is way more crucial, because it is important to know that your exploit can work on different systems and browsers. Problem is, how do you arrange that? You could buy yourself a nice Beowulf cluster, but a cheap alternative is to let web based services do it for you. This can be done fairly simple by abusing the web applications that allow you to make screenshots. We create proof of concept code and place it on one of our own servers. We then feed the link to the screenshot service to see how each browser on each platform responds. One service that allows you to do this, is browsershots.org.
These services run mostly on VMware and they can be abused. If I launch a page with an old vulnerability against Firefox 1.5 or any kind of vulnerable browser which I can select upon, I could possibly crash their service, or execute code. Of course this could turn out very badly, and you can imagine what we could do. Like setting up a shell on that box for instance. But more important we can also abuse these service to attack other websites through their virtual machine. SQL injection comes to mind, CSRF or simply launching worms from their system. You get the point: it shows that everything has a flip-side.
I might crashed a couple of browsers here and there with my latest Firefox test case.
My apologies, it's all in the name of a safer browser. :)
Try it yourself: http://www.browsershots.org/