Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.
http://www.securityfocus.com/bid/19678
http://www.securityfocus.com/archive/1/444064/100/0/threaded
http://www.debian.org/security/2006/dsa-1227
http://www.debian.org/security/2006/dsa-1225
http://www.debian.org/security/2006/dsa-1224
http://securityreason.com/securityalert/1444
http://secunia.com/advisories/23235