Mozilla is getting ready to remove support for the File Transfer Protocol (FTP) from the Firefox web browser due to security concerns.
FTP has been around for nearly five decades, allowing for the transfer of files between computers. The protocol is built on a client-server model architecture and has been considered insecure, being secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).
For a couple of years, Google has been marking FTP resources as insecure in Chrome, and the company deprecated the protocol in Chrome 80, which was released last month. The Internet giant aims to completely remove support for FTP in Chrome 82.
Mozilla too is considering removing support for the FTP protocol from its browser, Mozilla developer Michal Novotny revealed this week in a post on the mozilla.dev.platform list.
According to Novotny, FTP will be turned off by default in Firefox 77, although it would be enabled by default in version 78 ESR. Furthermore, the developer said, the code will be completely removed from Firefox at the beginning of 2021.
“We’re doing this for security reasons. FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources,” Novotny said.
The developer also highlights the fact that part of the FTP code is very old and unsafe, and that maintaining it is a difficult task. Moreover, it is riddled with lots of security bugs, he says.
“After disabling FTP in our code, the protocol will be handled by external application, so people can still use it to download resources if they really want to. However, it won’t be possible to view and browse directory listings,” Novotny explains.
The plan to remove support for the insecure protocol is not surprising, given Mozilla’s focus on keeping its users secure, including by enabling DNS-over-HTTPS by default for users in the United States.
Related: Firefox 74 Patches Vulnerabilities, Disables TLS 1.0 and 1.1
Related: Firefox Gets DNS-over-HTTPS as Default in U.S.
Related: Chrome 80 Released With 56 Security Fixes
More from Ionut Arghire
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- Apria Healthcare Notifying 2 Million People of Years-Old Data Breaches
- European Cybersecurity Firm Sekoia.io Raises $37.5 Million
- GitLab Security Update Patches Critical Vulnerability
- Android App With 50,000 Downloads in Google Play Turned Into Spyware via Update
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
