Firefox 61 will block FTP subresources
Mozilla plans to disable support for FTP subresources (subresource requests) in the stable version of Firefox 61. Firefox 61 will be released on June 26, 2018 to the stable channel according to the Firefox release schedule.
FTP subresource requests are made on web pages that are loaded in the web browser. This includes requests using script and iframe requests that point to FTP resources.
HTTP and HTTPS webpages may reference FTP resources just like other HTTP or HTTPS resources may be referenced. The referenced FTP resources may be used to load images from FTP locations or other content.
Firefox displays a warning in the browser's Developer Tools if webpages attempt to load FTP subresources in an iframe. The warning reads: "Loading FTP subresource within http(s) page not allowed (Blocked loading of FTP URL)".
The change won't block direct FTP links on webpages and Firefox won't block FTP addresses that users type or paste in the browser's address bar either.
Mozilla gives several reasons for the change; the most important is that FTP is not a secure protocol and that it should not be used anymore for that purpose because of that. Firefox should display mixed content warnings on HTTPS pages with FTP subresource requests but the same is not true for FTP subresource requests on HTTP pages.
Bleeping Computer suggests that compromised FTP servers are often used to distribute malware to user computers and that the loading happens via FTP subresources.
Google blocked the loading of FTP subresource requests in the Chrome browser in Chrome version 63 which the company released last year.
Mozilla Firefox and Google Chrome mark FTP connections as insecure in the address bar already to indicate that connections to FTP resources are not secure.
A Chromium bug listing revealed in 2015 that Google had plans to deprecate FTP support in the browser and Mozilla created a bug listing of its own around the time that referenced Google's decision. The browser makers have not acted yet but it is probably only a matter of time before FTP support is removed in its entirety from web browsers.
The most likely solution is that FTP links will then open in FTP or file transfer software programs that are available on the device.
Mozilla will introduce a new flag in Firefox 60 to disable FTP support in the browser.
FTP usage is at an all-time low, at least in web browsers. The move may impact some web offerings negatively but it should improve user security overall.
Now You: Do you use FTP?Advertisement