Public Sandbox Escape bug reports.

Team Bounty Title
Sandbox Escape $3,000 Microsoft Internet Explorer ActiveX Broker Allows EPM Bypass
Sandbox Escape $3,000 Internet Explorer Enhanced Protected Mode sandbox escape via a broker vulnerability
Sandbox Escape $5,000 .NET Type Traversal Vulnerability
Sandbox Escape - OSX ATS memory corruption may lead to App Sandbox bypass
Sandbox Escape - OSX ATS arbitrary free issue may lead to App Sandbox bypass
Sandbox Escape $10,000 Linux PI futex self-requeue bug
Sandbox Escape $5,000 Win32k Window Handle Vulnerability (EoP)
Sandbox Escape $3,000 Linux 3.4+: arbitrary write with CONFIG_X86_X32