In 2008-2010 I researched common Javascript Math.Random implementations, and multipart boundary strings. I found them to be predictable in all major browsers, and I explored the security and privacy implications (e.g. a limited form of user tracking, and [surprisingly] over-the-web VM detection).
Temporary user tracking in major browsers and Cross-domain information leakage and attacks (June 8th, 2009)
CVE-2008-5913, BugTraq ID 33276
Google Chrome 3.0 (Beta) Math.random vulnerability (August 31st, 2009)
BugTraq ID 36185
Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1 (September 14th, 2010)
BugTraq ID 43222, CVE-2010-3171, CVE-2010-3399, MFSA2010-33
Google Chrome 6.0 and above Math.random vulnerability (November 16th, 2010)
Cross-domain information leakage and Temporary user tracking attacks in Apple Safari 4.0.2-4.0.5 and Apple Safari 5.0-5.0.2 (Windows) (November 21st, 2010)
CVE-2010-3804, BugTraq ID 44952
Detecting virtualization over the web with IE9 (platform preview) and Semi-permanent computer fingerprinting and user tracking in IE9 (platform preview) (December 2nd, 2010)