The File Transfer Protocol (FTP) has been completely removed from Mozilla’s latest release of its flagship Firefox web browser.
FTP, which is based on a client-server approach and has been around for around five decades, provides for the simple transmission of files and directories between computers. The protocol, however, has long been regarded as insecure due to the fact that data is transferred without encryption. There are secure variations, such as one that uses SSL/TLS (FTPS) or the SSH File Transfer Protocol (SFTP).
FTP has been supported by all major browsers almost since the beginning, however security concerns have led to declining adoption and deprecation in favour of more secure alternatives.
In addition, FTP has been utilised in a variety of malware distribution schemes, with some involving the penetration of FTP servers in order to use the protocol for payload delivery.
“In keeping with our goal of deprecating non-secure HTTP and increasing the number of secure connections, we, along with other major online browsers, have decided to stop supporting the FTP protocol,” Mozilla said.
In March 2020, the open-source group revealed plans to remove FTP support in Firefox, a few months after Google deprecated the protocol in Chrome, and to disable it by default in Firefox 88. Starting with Firefox 90, the protocol is no longer supported.
“Removing FTP moves us closer to a truly secure web that is moving toward HTTPS only, and any modern automated upgrading techniques like HSTS or Firefox’s HTTPS-Only Mode, which automatically upgrade any connection to become safe and encrypted do not apply to FTP,” Mozilla stated.
Mozilla assures that Firefox users are secure from any form of attack that uses the protocol for virus delivery by fully deleting FTP capability from the browser.