Credit: jduck
Stagefright, no stranger to the Pwnies this year, was also a client-side vulnerability exploitable through multiple web browsers on Android. NorthBit released their ASLR bypassing exploit for a Stagefright vulnerability targeting the Nexus 5 running Android 5.0.1. They left it as an exercise to the reader to port their exploit to all of the other umpteen billion Android devices and firmware combinations that people actually use.