Mozilla is getting set to drop File Transfer Protocol (FTP) support from the Firefox web browser due to security issues.
FTP has been used for almost five decades, enabling data to share between machines. The protocol is based on the client-server model architecture and deemed insecure, protected with SSL / TLS (FTPS) or substituted with SSH File Transfer Protocol (SFTP).
For a few years, Google has branded FTP services as insecure in Chrome, and the organization deprecated the Chrome 80 protocol that was launched last month. The Web giant plans to drop FTP support in Chrome 82 entirely.
Mozilla is also contemplating withdrawing support for the FTP protocol from its client, Mozilla developer Michal Novotny announced this week in a thread on the mozilla.dev. Platform site.
According to Novotny, FTP would be disabled by default in Firefox 77, while it will be allowed by default in ESR version 78. The author stated that the technology would fully be withdrawn from Firefox at the beginning of 2021.
“We’re doing this for security reasons. FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources,” Novotny said.
The author also points out that one of the FTP codings is very outdated and insecure, so managing it is a challenging job. It’s loaded with a lot of software glitches, he notes.
“After disabling FTP in our code, the protocol will be handled by external application, so people can still use it to download resources if they really want to. However, it won’t be possible to view and browse directory listings,” Novotny explains.
The decision to drop support for the unsafe protocol is not unexpected considering Mozilla’s insistence on maintaining its users stable, even by allowing DNS-over-HTTPS by default for users in the United States.