Google security researcher Michal Zalewski discovered that
when a malformated GIF image is rendered in certain circumstances, memory is not
properly initialized before use. The resulting image then uses this memory
during rendering. This could allow for the a script in web content to access
this unitialized memory using the <canvas>
feature.