Could it be that a much praised security feature of Firefox actually be insecure?
"For at past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature.
Both Firefox and Thunderbird allow users to set up a "master password" through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client.
But Wladimir Palant, the author of the AdBlock Plus extension, says the encryption scheme used by the master password feature is weak and can be easily brute-forced."