diff --git a/image/decoders/nsGIFDecoder2.cpp b/image/decoders/nsGIFDecoder2.cpp index 0e7b346912e..633551df593 100644 --- a/image/decoders/nsGIFDecoder2.cpp +++ b/image/decoders/nsGIFDecoder2.cpp @@ -824,10 +824,15 @@ nsGIFDecoder2::WriteInternal(const char* aBuffer, uint32_t aCount) mGIFStruct.is_transparent = *q & 0x1; mGIFStruct.tpixel = q[3]; mGIFStruct.disposal_method = ((*q) >> 2) & 0x7; - // Some specs say 3rd bit (value 4), other specs say value 3 - // Let's choose 3 (the more popular) + if (mGIFStruct.disposal_method == 4) { + // Some specs say 3rd bit (value 4), other specs say value 3. + // Let's choose 3 (the more popular). mGIFStruct.disposal_method = 3; + } else if (mGIFStruct.disposal_method > 4) { + // This GIF is using a disposal method which is undefined in the spec. + // Treat it as DisposalMethod::NOT_SPECIFIED. + mGIFStruct.disposal_method = 0; } { diff --git a/image/test/crashtests/crashtests.list b/image/test/crashtests/crashtests.list index b03a27a299a..59a3d14fff3 100644 --- a/image/test/crashtests/crashtests.list +++ b/image/test/crashtests/crashtests.list @@ -47,3 +47,8 @@ load multiple-png-hassize.ico load 856616.gif skip-if(AddressSanitizer) skip-if(B2G) load 944353.jpg + +# Bug 1160801: Ensure that we handle invalid disposal types. +load invalid-disposal-method-1.gif +load invalid-disposal-method-2.gif +load invalid-disposal-method-3.gif diff --git a/image/test/crashtests/invalid-disposal-method-1.gif b/image/test/crashtests/invalid-disposal-method-1.gif new file mode 100644 index 00000000000..30c61de188b Binary files /dev/null and b/image/test/crashtests/invalid-disposal-method-1.gif differ diff --git a/image/test/crashtests/invalid-disposal-method-2.gif b/image/test/crashtests/invalid-disposal-method-2.gif new file mode 100644 index 00000000000..66158d81a90 Binary files /dev/null and b/image/test/crashtests/invalid-disposal-method-2.gif differ 
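Review bot: The new `else if (mGIFStruct.disposal_method > 4)` branch validates a file-supplied field with bare integers (`> 4`, `= 0`) while its comment names `DisposalMethod::NOT_SPECIFIED`, so the check and the enum it protects can drift apart unnoticed. The mask `& 0x7` admits 0–7 from the Graphic Control Extension byte, and this is the only place in the hunk that narrows the range before the block opened by the trailing `{` uses it. I would state that invariant in the comment, e.g. `// disposal_method comes from the file (0-7); only 0-3 may leave this block.` If the field's type permits, assign the enum constant instead of the literal `0`. WriteInternal starts and ends outside the hunk, so whether any other path sets disposal_method without this normalization cannot be confirmed from here.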
diff --git a/image/test/crashtests/invalid-disposal-method-3.gif b/image/test/crashtests/invalid-disposal-method-3.gif
new file mode 100644
index 00000000000..0da0723773e
Binary files /dev/null and b/image/test/crashtests/invalid-disposal-method-3.gif differ