Firefox Follows Chrome and Blocks the Loading of Most FTP Resources (bleepingcomputer.com)
Mozilla says it will follow in the steps of Google Chrome and start blocking the loading of FTP subresources inside HTTP and HTTPS pages. From a report: By FTP subresources, we refer to files loaded via the FTP protocol inside img, script, or iframe tags that have a src="ftp://". FTP links placed inside normal angle bracket links or typed directly in the browser's address bar will continue to work. The reasoning is that FTP is an insecure protocol that doesn't support modern encryption techniques and will inherently break many other built-in browser security and privacy features, such as HSTS, CSP, XSA, or others. Furthermore, many malware distribution campaigns often rely on compromising FTP servers and redirecting or downloading malware on users' computers via FTP subresources. Mozilla engineers say FTP subresource blocking will ship with Firefox 61, currently scheduled for release on June 26.
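For site owners who want to find affected markup before the change ships, here is an added example (not from the report or from Mozilla) that audits HTML for the distinction the summary draws: `ftp://` in the `src` of `img`, `script` or `iframe` is an automatically loaded subresource, while `ftp://` in an `a href` is an ordinary link that keeps working. The tag list comes only from the summary, the sample page and hostnames are constructed, and only static markup is inspected.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags the summary names as loading FTP subresources via src="ftp://".
SUBRESOURCE_TAGS = {"img", "script", "iframe"}

def is_ftp(url):
    """True if the URL's scheme is ftp (case-insensitive, padding ignored)."""
    try:
        return urlsplit(url.strip()).scheme.lower() == "ftp"
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False

class FtpAuditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.blocked = []  # (line, tag, url): loaded without user action
        self.allowed = []  # (line, tag, url): plain links the user must click

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        for name, value in attrs:
            if not value or not is_ftp(value):
                continue
            if tag in SUBRESOURCE_TAGS and name == "src":
                self.blocked.append((line, tag, value.strip()))
            elif tag == "a" and name == "href":
                self.allowed.append((line, tag, value.strip()))

def audit(html):
    """Return (blocked, allowed) lists of ftp:// references in the markup."""
    parser = FtpAuditor()
    parser.feed(html)
    parser.close()
    return parser.blocked, parser.allowed

# Constructed sample page; files.example and cdn.example are placeholders.
SAMPLE = """<html><body>
<img src="ftp://files.example/logo.png">
<script src="FTP://files.example/lib.js"></script>
<iframe src=" ftp://files.example/frame.html"></iframe>
<img src="https://cdn.example/ok.png">
<a href="ftp://files.example/pub/">download area</a>
</body></html>"""

if __name__ == "__main__":
    blocked, allowed = audit(SAMPLE)
    for line, tag, url in blocked:
        print(f"line {line}: <{tag}> subresource will be blocked: {url}")
    for line, tag, url in allowed:
        print(f"line {line}: <{tag}> link still works: {url}")
```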
Doesn't appear to be blocking <a href= tags, but rather things such as iframes that automatically load content.
There is no XUL, only WebExtensions...
Every time you log in to your FTP server remotely you pass your login credentials in the clear. FTP is ancient and unsecure and should be abandoned.