Mozilla has ended support for FTP in Firefox 90, citing security concerns with the aging protocol.
FTP (File Transfer Protocol) is one of the oldest protocols, dating back to the early days of the internet. Unfortunately, unlike newer protocols, basic FTP has no encryption and transmits data in plain text, including usernames and passwords. Mozilla highlights the danger this poses to users.
The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user’s device using the FTP protocol.
As a result of FTP’s security risks, Mozilla has decided to end support for it.
Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox’s HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP.
The FTP protocol itself has been disabled by default since version 88 and now the time has come to end an era and discontinue the support for this outdated and insecure protocol — Firefox 90 will no longer support the FTP protocol.
Mozilla is to be commended for its ongoing push to protect user privacy and security, even if that means dropping venerable protocols like FTP.