Firefox and Thunderbird allow users to set up a “master password”” feature. The encryption scheme used by the master password feature is weak and can be easily brute-forced. The SHA-1 function has an iteration count of 1
Source: suggesting this would be fixed with the launch of Firefox’s new password manager component currently codenamed Lockbox.”