Google security researcher Michal Zalewski reported that
when a malformed GIF image is repeatedly rendered within a
<canvas>
element, memory may not always be properly
initialized. The resulting series of images then uses this uninitialized memory
during rendering, allowing data to potentially leak to web content.