Virtual Event Today: Cyber AI & Automation Summit - Register/Login Now
Connect with us

Hi, what are you looking for?


Data Protection

Mozilla to Remove Support for FTP in Firefox

Mozilla is getting ready to remove support for the File Transfer Protocol (FTP) from the Firefox web browser due to security concerns.

Mozilla is getting ready to remove support for the File Transfer Protocol (FTP) from the Firefox web browser due to security concerns.

FTP has been around for nearly five decades, allowing for the transfer of files between computers. The protocol is built on a client-server model architecture and has been considered insecure, being secured with SSL/TLS (FTPS) or replaced with SSH File Transfer Protocol (SFTP).

For a couple of years, Google has been marking FTP resources as insecure in Chrome, and the company deprecated the protocol in Chrome 80, which was released last month. The Internet giant aims to completely remove support for FTP in Chrome 82.

Mozilla too is considering removing support for the FTP protocol from its browser, Mozilla developer Michal Novotny revealed this week in a post on the list.

According to Novotny, FTP will be turned off by default in Firefox 77, although it would be enabled by default in version 78 ESR. Furthermore, the developer said, the code will be completely removed from Firefox at the beginning of 2021.

“We’re doing this for security reasons. FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources,” Novotny said.

The developer also highlights the fact that part of the FTP code is very old and unsafe, and that maintaining it is a difficult task. Moreover, it is riddled with lots of security bugs, he says.

“After disabling FTP in our code, the protocol will be handled by external application, so people can still use it to download resources if they really want to. However, it won’t be possible to view and browse directory listings,” Novotny explains.

Advertisement. Scroll to continue reading.

The plan to remove support for the insecure protocol is not surprising, given Mozilla’s focus on keeping its users secure, including by enabling DNS-over-HTTPS by default for users in the United States.

Related: Firefox 74 Patches Vulnerabilities, Disables TLS 1.0 and 1.1

Related: Firefox Gets DNS-over-HTTPS as Default in U.S.

Related: Chrome 80 Released With 56 Security Fixes

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...