Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Mozilla to Remove Support for FTP in Firefox

Mozilla is getting ready to remove support for the File Transfer Protocol (FTP) from the Firefox web browser due to security concerns.

Mozilla is getting ready to remove support for the File Transfer Protocol (FTP) from the Firefox web browser due to security concerns.

FTP has been around for nearly five decades, allowing for the transfer of files between computers. The protocol is built on a client-server model architecture and has been considered insecure, being secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).

For a couple of years, Google has been marking FTP resources as insecure in Chrome, and the company deprecated the protocol in Chrome 80, which was released last month. The Internet giant aims to completely remove support for FTP in Chrome 82.

Mozilla too is considering removing support for the FTP protocol from its browser, Mozilla developer Michal Novotny revealed this week in a post on the mozilla.dev.platform list.

According to Novotny, FTP will be turned off by default in Firefox 77, although it would be enabled by default in version 78 ESR. Furthermore, the developer said, the code will be completely removed from Firefox at the beginning of 2021.

“We’re doing this for security reasons. FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources,” Novotny said.

Advertisement. Scroll to continue reading.

The developer also highlights the fact that part of the FTP code is very old and unsafe, and that maintaining it is a difficult task. Moreover, it is riddled with lots of security bugs, he says.

“After disabling FTP in our code, the protocol will be handled by external application, so people can still use it to download resources if they really want to. However, it won’t be possible to view and browse directory listings,” Novotny explains.

The plan to remove support for the insecure protocol is not surprising, given Mozilla’s focus on keeping its users secure, including by enabling DNS-over-HTTPS by default for users in the United States.

Related: Firefox 74 Patches Vulnerabilities, Disables TLS 1.0 and 1.1

Related: Firefox Gets DNS-over-HTTPS as Default in U.S.

Related: Chrome 80 Released With 56 Security Fixes

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.