Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4723 to the following vulnerability: Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Affected Firefox versions: 3.0.1 through 3.0.3 References: http://www.securityfocus.com/bid/31855/info
PoC: http://www.securityfocus.com/bid/31855/exploit
This is not a security issue. Firefox is properly handling the FTP URL and displaying the content returned.