
Lockwise passwords encryption


Mozilla is extremely vague with how passwords are protected, simply stating on their product page that passwords are encrypted while in transit and stored using encryption. Does Mozilla keep the encryption keys and can later access these passwords?? Why so vague?



All Replies (4)


nick.b said

Does Mozilla keep the encryption keys and can later access these passwords??

No, they can't.


Chosen Solution

Firefox encrypts your data (saved logins and other data) before sending it to the Sync servers. Mozilla does not have a way to decrypt your Sync data.

How Firefox Sync keeps your data safe even if TLS fails


jscher2000 said

Firefox encrypts your data (saved logins and other data) before sending it to the Sync servers. Mozilla does not have a way to decrypt your Sync data. How Firefox Sync keeps your data safe even if TLS fails

Thanks for that. Unfortunately, PBKDF2 with 1000 iterations is extremely weak! To make matters worse, Mozilla is aware of this (meaning they choose weak encryption). [|See here]


nick.b said

jscher2000 said

Firefox encrypts your data (saved logins and other data) before sending it to the Sync servers. Mozilla does not have a way to decrypt your Sync data. How Firefox Sync keeps your data safe even if TLS fails

Thanks for that. Unfortunately, PBKDF2 with 1000 iterations is extremely weak! To make matters worse, Mozilla is aware of this (meaning they choose weak encryption). [|See here]

So if I understand that bug, if someone is able to intercept your login to the Firefox Account server (i.e., man in the middle), they could obtain your password by brute force. And the reason it wasn't already strengthened against brute force attack may be concerns about unacceptable performance. I'm not sure what is considered the threshold for acceptable performance.
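The trade-off this thread ends on, PBKDF2 iteration count against acceptable performance, can be measured on the machine that has to do the stretching. The following is an added example, not part of the thread and not Mozilla's code; it assumes PBKDF2-HMAC-SHA256, a constructed password and salt, and a 50 ms latency budget chosen only for illustration.

```python
import hashlib
import time

# Constructed sample inputs: not real credentials, not Firefox's salt format.
PASSWORD = b"correct horse battery staple"
SALT = b"constructed-salt:user@example.com"


def stretch(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Stretch a password with PBKDF2-HMAC-SHA256 into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def seconds_per_derivation(iterations: int, runs: int = 3) -> float:
    """Best-of-N wall-clock time for one derivation at this iteration count."""
    best = float("inf")
    for _ in range(runs):
        start = time.perf_counter()
        stretch(PASSWORD, SALT, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def calibrate(target_seconds: float, floor: int = 1000) -> int:
    """Iteration count (never below floor) that costs at least target_seconds here."""
    # PBKDF2 cost is linear in the iteration count, so extrapolate from one
    # probe measurement, then confirm by measuring the estimate itself.
    probe = 50_000
    per_iteration = seconds_per_derivation(probe) / probe
    iterations = max(floor, int(target_seconds / per_iteration))
    while seconds_per_derivation(iterations) < target_seconds:
        iterations = int(iterations * 1.25) + 1  # estimate ran fast; raise it
    return iterations


if __name__ == "__main__":
    budget = 0.050  # assumed latency budget per login, in seconds
    tuned = calibrate(budget)
    for count in (1000, tuned):
        cost = seconds_per_derivation(count)
        # Every password guess must pay this same derivation cost.
        print(f"{count:>9} iterations: {cost * 1000:8.2f} ms per derivation, "
              f"about {1 / cost:,.0f} derivations/s on one core")
```

The numbers are specific to the CPU that runs it; a low-end phone or an older laptop will reach the same budget at a much smaller iteration count, which is the performance concern mentioned in the last reply.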