

Browser JavaScript is already sandboxed, so there is a limit to the info that can be accessed, though it does expose some of basic information you’ve listed.
To the best of my knowledge, the only items that can be accessed from the ones you listed are:
- current time (by creating a Date object)
- operating system and version (though this is usually not precise info and only provides a rough version)
an example of the info that can be accessed (via the navigator property) for a Windows pc is:
# platform = Win32
# appCodeName = Mozilla
# appName = Netscape
# appVersion = 5.0 (Windows; en-US)
# language = en-US
# mimeTypes = [object MimeTypeArray]
# oscpu = Windows NT 5.1
# vendor = Firefox
# vendorSub = 1.0.7
# product = Gecko
# productSub = 20050915
# plugins = [object PluginArray]
# userAgent = Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
As you can see it’s not a whole lot of information. Certainly there is no way to get the serial number or other hardware information. Also, local files cannot be accessed without permission.
There are some user agent spoofer addons that will change the user agent string. I am not sure but i imagine some of those also allow overriding this navigator information to anonymize that data further. Preventing accessing the user’s time zone would be pretty impossible though given how the Date object works.
Well, undiscovered vulnerabilities are kind of a special case. You can’t do anything about those except turn off your pc entirely. Using NoScript isn’t necessarily going to help with those.