Security/Reviews/Firefox4/ByteArray Security Review
You get access to a predefined array that maps pretty literally to a chunk of memory. Can't access pointers or other underlying mechanisms (in theory).
Maybe you could inject values into the bytearray that would be a NaN (inside of a GPU especially).. this would probably cause major slowness/DoS at worst.
Related security bug: 555721
Contains only scalar types
Zeroed out at allocation time
Size limit = number of bytes = 2^31