Original Testcase
Some joker just posted "Firefox 1.5.0.3 code execution exploit" on 
Bugtraq with the body:
  try this with Firefox 1.5.0.3
  www.gavinsharp.com/tmp/ImageVuln.html

That link is the URL field from bug 334341 for which Secunia posted an
advisory on April 18.
  bug 334341: https://bugzilla.mozilla.org/show_bug.cgi?id=334341
  SA 19698:   http://secunia.com/advisories/19698/

Because of the inflammatory subject ("Code execution") we may get
queries about this. It's not a new issue; refer back to Secunia's
advisory. This has been patched and the fix will be released in the
upcoming Firefox 1.5.0.4 as can be seen in the bug. The latest 1.5.0.4
schedule is posted publicly on the wiki:
http://wiki.mozilla.org/Firefox:1.5.0.4:Schedule

Key facts about the bug:
* The victim would have to right-click and select "view image"
  on the broken image -- not a common thing to do.
* The attacker can only refer to files *already* on the victim's
  machine in known locations. The attacker cannot supply arbitrary code.
* We will not run files with an executable extension.
* By default we ask the user if they want to run the external
  handler, but for common media types the user
  may have previously selected to open without asking and some
  plugins install themselves as handlers.

Any "code execution" would require knowing an exploitable flaw in a
commonly-installed media handler, and if you knew one of those you could
exploit it directly off the web with an image, <embed> tag or "click
here" link. You would not futz around trying to save it on the user's
disk first and then try to convince the victim to do the uncommon
right-click "view image" action on it.