Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2934)