Two vulnerabilities were recently identified by security researcher Tavis Ormandy. All extensions have been patched and are being re-released to users. Malicious websites could trick LastPass by masking as a trusted party and steal site credentials. No master password change is required; no site credential passwords need to be changed. Firefox 3.3.2 message-hijacking bug was reported to our team last year and fixed at that time. The fix was not pushed down to our legacy Firefox 33.3x branch; this branch has been scheduled for formal retirement.”]
Source: https://blog.lastpass.com/2017/03/important-security-updates-for-our-users/