Mozilla’s master password feature in Firefox has been for many years not safe enough. It uses an outdated encryptietechniek that easy to crack. That also applies to Mozilla’s mail client Thunderbird.
The master password set SH1 encryption to stored browser passwords, extra to to encrypt. But attackers can easily work around with the tools on the basis of fast calculations in no time, the underlying passwords opduikelen. Therefore, there is nowadays a more complex method for hands: SHA-2.
In Firefox however, it still uses SHA-1, discovered Adblock Plus developer Wladimir Palant. That is already nine years but in all that time, nothing is done. Mozilla says on the height, and in the future with a solution in the form of a new password manager for Firefox, Lockbox.
Want to be on the safe side, choose a different password manager than the default master password of Firefox. Reliable examples include 1Password and LastPass.