What type of script is this?

[RickRasta]

I found this short animation that plays on this page: http://blog.avast.com/2009/12/10/100-million-users/ (The clip about the 100 millionth user). This plays even when no scripts are running. Could anyone use this type of script for more mischievous purposes?? Or what type of script is it that no script doesn't block? Or am I mistaken and this is not even any type of script?

[therube]

Not a "clip".
It's an animated gif. Just like this .

So whatever exploits that may exist against a gif render-er, I guess could be exploited.

[Giorgio Maone]

So whatever exploits that may exist against a gif render-er, I guess could be exploited.

We should add that you can't do anything about it, short than disabling image display.
On the other hand, Jpeg, GIF and PNG decoders are relatively simple and tested enough today to make a viable exploit very unlikely, especially if compared to how easy is mounting an attack against Javascript or plugins.

[Tom T.]

So whatever exploits that may exist against a gif render-er, I guess could be exploited.

We should add that you can't do anything about it, short than disabling image display.
On the other hand, Jpeg, GIF and PNG decoders are relatively simple and tested enough today to make a viable exploit very unlikely, especially if compared to how easy is mounting an attack against Javascript or plugins.

@ Giorgio: I have image.animation_mode set to "none". The Avast photos remain still images, as do all others. "Assuming" that an exploit were possible, would this prevent it, or are you saying that the exploit would be in one or more of the still images themselves, rather than in the animator?

I also have browser.blink_allowed set to "false".