Mozilla patched a vulnerability in the Firefox web browser with the launch of the 68.0.2 release which would allow unauthorized users to copy passwords from the browser’s built-in Save Logins database even when protected with a master password. The flaw allows anyone with local access to a computer running an unpatched version of Firefox to copy the password stored for any of the saved logins by right-clicking and choosing the “Copy Password”” option. This happens even though the browser will ask for the master pass
Source: security