This was used to win a contest: https://securityevaluators.com/knowledge/papers/engineeringh...
Then there's this: http://arstechnica.com/security/2015/08/dram-bitflipping-exp...
And this looks to execute some shellcode (but maybe it doesn't work): http://stackoverflow.com/questions/381171/help-me-understand...
Regardless, the bottom line is clear: if you value security and privacy, you disable JavaScript.