AdBlock Plus creator Wladimir Palant lashed out at Mozilla over the poor security of the master password in the Firefox password manager. The issue is that for the past nine years, Firefox has executed just a single iteration of SHA-1 to hash the master password with a random salt to create the encryption key for the password database. Given the advances in computing power, this makes the encryption very susceptible to brute-force attacks:
"The problem here is: GPUs are extremely good at calculating SHA-1 hashes. Judging by the numbers from this article, a single Nvidia GTX 1080 graphics card can calculate 8.5 billion SHA-1 hashes per second. That means testing 8.5 billion password guesses per second. This article estimates that the average password is merely 40 bits strong, and that estimate is already higher than some of the others. In order to guess a 40 bit password you will need to test 2^39 guesses on average. If you do the math, cracking a password will take merely a minute on average then."
Palant suggests Mozilla should use at least 100,000 iterations to beef up the security of Firefox.
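The effect of the iteration count on the figures quoted above, as an added example (not code from Firefox, NSS or Palant). It assumes PBKDF2-HMAC-SHA1 as the stretching function and that every iteration costs an attacker at least one SHA-1 computation; the function names are hypothetical and the single-SHA-1 derivation is a simplified stand-in, not Firefox's exact key derivation.

```python
import hashlib
import math
import os

GPU_SHA1_PER_SEC = 8.5e9   # single GTX 1080 figure quoted in the article
PASSWORD_BITS = 40         # average password strength quoted in the article

def derive_single_sha1(password: str, salt: bytes) -> bytes:
    # Simplified stand-in for "one SHA-1 iteration over the salted password".
    return hashlib.sha1(salt + password.encode("utf-8")).digest()

def derive_stretched(password: str, salt: bytes, iterations: int) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA1 as one standard way to iterate the hash.
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)

def average_crack_seconds(bits: int, iterations: int,
                          rate: float = GPU_SHA1_PER_SEC) -> float:
    # On average half the keyspace, 2^(bits-1) guesses, has to be searched.
    # Assumption: each iteration costs the attacker at least one SHA-1.
    return (2 ** (bits - 1)) * iterations / rate

def iterations_for_target(target_seconds: float, bits: int,
                          rate: float = GPU_SHA1_PER_SEC) -> int:
    # Smallest iteration count that pushes the average search time to the target.
    return math.ceil(target_seconds * rate / 2 ** (bits - 1))

if __name__ == "__main__":
    salt = os.urandom(16)
    password = "correct horse"  # constructed sample input
    print("1 x SHA-1 key:    ", derive_single_sha1(password, salt).hex())
    print("100,000 iter key: ", derive_stretched(password, salt, 100_000).hex())
    for n in (1, 100_000):
        secs = average_crack_seconds(PASSWORD_BITS, n)
        print(f"{n:>7} iterations: {secs:,.0f} s (~{secs / 86400:.1f} days) on one GPU")
    year = 365 * 86400
    print("iterations for a one-year average:",
          iterations_for_target(year, PASSWORD_BITS))
```

The estimate scales linearly in both directions: ten GPUs divide every figure by ten, and each extra bit of password strength doubles it.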