Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
secunia.com/advisories/31132
secunia.com/advisories/31270
secunia.com/advisories/34501
securitytracker.com/id?1020516
sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
www.mozilla.org/security/announce/2008/mfsa2008-36.html
www.securityfocus.com/bid/30266
www.ubuntu.com/usn/usn-626-1
www.vupen.com/english/advisories/2008/2125
www.vupen.com/english/advisories/2009/0977
bugzilla.mozilla.org/show_bug.cgi?id=441360
exchange.xforce.ibmcloud.com/vulnerabilities/43850