The latest version of Firefox, Firefox 90, has dropped support for the long-standing File Transfer Protocol (FTP). Mozilla confirmed its decision to drop FTP from Firefox in a blog post published last week, noting that FTP is a significant security risk due to its tradition for transferring data in cleartext. This allows attackers to steal, spoof, and modify any data transmitted via the aging protocol. FTP has actually been disabled by default since Firefox 88, but Mozilla is now removing it altogether.
Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox’s HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP.