User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 Build ID: 20180310025718 Steps to reproduce: I'm filing this as a bug because it will potentially make using Thunderbird not viable for me. Please read this article https://mybroadband.co.za/news/security/252799-master-password-in-firefox-is-weak.html In the modern day it's critical that you can properly protect one's email login credentials. If attackers gain access to your email credentials they can use that to reset your passwords for banking and other websites. Using weak protection is putting us all at risk, especially when its not very difficult to change from a technical point of view as the relevant libraries exist etc. Actual results: Luckily no attack has happened yet, but that does not mean this issue should be ignored. Expected results: Up to date password protection methods such as bcrypt, scryot, Argon2 should be used together with strong encryption such as AES256.

Thunderbird is using Mozilla core technology, so if that's "weak" you should file the bug there. Or perhaps there's already a similar bug for Firefox.

bug 973759 where s/he has already commented?