The maker of Firefox dropped support for File Transfer Protocol (FTP) in version 90 of the browser.
FTP has been used for a long time to exchange files between computers on a network, but it is burdened by security issues that browser makers are dropping support for the protocol, as the exchange takes place without encrypting data.
“The biggest security risk is that FTP transfers data in clear text, allowing the transmitted data to be easily stolen, spoofed and even modified,” noted the Mozilla security team.
“To date, many malware distribution campaigns launch their attacks by compromising FTP servers.”
Google also dropped FTP support in Chrome 88, which was released in December. Google had the same thinking to eliminate FTP from Chrome.
FTP in Chrome didn’t have any support for encrypted connections (FTPS), nor proxies. Google has been championing HTTPS everywhere and FTP has hampered that effort.
Google also found that the use of FTP in the browser was “low enough that it was not feasible to invest in improving the existing FTP client”, Google suggested that people could use more capable FTP on various operating systems.
“In line with our intention to discontinue unsecured HTTP and increase the percentage of secure connections, we, as well as other major browsers, have decided to discontinue support for the FTP protocol,” quoted Mozilla.
The move to eliminate FTP in Firefox is also an evolution of Mozilla’s effort to completely remove FTP support. In April I had already disabled FTP by default in Firefox 88.
“Once your Firefox is automatically updated to version 90, any attempt to launch an attack based on the insecure FTP protocol will be totally futile as Firefox no longer supports FTP,” quoted Mozilla.