Firefox Password System ‘Insufficiently Secured’ for Years
Wladimir Palant, the author of the AdBlock Plus extension, recently revealed that the encryption scheme used by Firefox for years had been relatively insecure and could easily be broken by brute-force attacks.
Palant said that the master password system in Firefox and Thunderbird applies the SHA-1 function with an iteration count of 1, which is a huge red flag since the industry standard is 10,000.
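To make the iteration-count gap concrete, the following added example (not code from Mozilla or from Palant's report) measures the per-guess cost of a single SHA-1 pass against a derivation with 10,000 iterations. The single-pass construction (SHA-1 over salt plus password) and the use of PBKDF2-HMAC-SHA1 for the iterated case are assumptions made for illustration; the article does not show Firefox's exact construction.

```python
import hashlib
import os
import time

INDUSTRY_ITERATIONS = 10_000  # figure quoted in the article


def derive_single_sha1(password: bytes, salt: bytes) -> bytes:
    """Assumed stand-in for an iteration count of 1: one SHA-1 pass over salt + password."""
    return hashlib.sha1(salt + password).digest()


def derive_stretched(password: bytes, salt: bytes,
                     iterations: int = INDUSTRY_ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA1, used here as a generic iterated derivation (assumption)."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen=20)


def seconds_per_guess(derive, rounds: int) -> float:
    """Average wall-clock cost of deriving a key for one candidate password."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        derive(b"guess-%d" % i, salt)
    return (time.perf_counter() - start) / rounds


def compare_costs() -> dict:
    """Measure both derivations and report how much the iterated one slows each guess."""
    fast = seconds_per_guess(derive_single_sha1, 20_000)
    slow = seconds_per_guess(derive_stretched, 20)
    return {"single_sha1_s": fast, "stretched_s": slow, "slowdown": slow / fast}


def exhaust_time_seconds(keyspace: int, per_guess: float) -> float:
    """Time to try every candidate in a keyspace at the measured per-guess cost."""
    return keyspace * per_guess


if __name__ == "__main__":
    costs = compare_costs()
    keyspace = 26 ** 8  # constructed sample: 8 lowercase letters
    print(f"slowdown per guess: {costs['slowdown']:.0f}x")
    for name in ("single_sha1_s", "stretched_s"):
        days = exhaust_time_seconds(keyspace, costs[name]) / 86_400
        print(f"{name}: {days:,.1f} days to exhaust the sample keyspace on this machine")
```

The absolute timings apply only to one core running this interpreter; the ratio between the two derivations is the point.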
Software engineer Justin Dolske had reported the same issue nine years ago, right after the master password feature’s launch. However, Mozilla responded only to Palant’s report, saying that the issue would be fixed in the new password manager component codenamed Lockbox.
Source: Bleeping Computer