After FTP is disabled in Firefox, people can still use it to download resources if they really want to, but the protocol will be handled by whatever external application is supported on their platform.įTP was disabled on the Firefox Nightly pre-release channel on April 9. Now, we have decided to remove it because it is an infrequently used and insecure protocol. It predates the Web and was not designed with security in mind. FTP is a protocol to transfer files from one host to another. The FTP protocol itself has been disabled by default since version 88 and now the time has come to end an era and discontinue the support for this outdated and insecure protocol - Firefox 90 will no longer support the FTP protocol, said Mozilla.The Firefox platform development team recently announced plans to first disable, and then remove the implementation for built-in FTP from the browser. “Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox's HTTPS-Only Mode, which automatically upgrades any connection to become secure and encrypted do not apply to FTP”, the blog said. The blog said that Mozilla wanted to get away from insecure HTTP and increase the percentage of secure connections, so like other major web browsers, decided to discontinue support of the FTP protocol. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user's device using the FTP protocol. The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. A post on Mozilla's security blog calls FTP "by now one of the oldest protocols still in use" - and it's suffering from "a number of serious security issues".
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |