Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.
secunia.com/advisories/23197
secunia.com/advisories/23202
secunia.com/advisories/23235
securityreason.com/securityalert/1444
www.debian.org/security/2006/dsa-1224
www.debian.org/security/2006/dsa-1225
www.debian.org/security/2006/dsa-1227
www.securityfocus.com/archive/1/444064/100/0/threaded
www.securityfocus.com/bid/19678