This is a case where debug logs would have been helpful btw. but I tested the sites myself and identified the issues.
Is this specific to password generation or does it happen the same if you fill those forms manually? Perhaps the doorhanger normally ignores the
formActionOrigin and relies on the username but the auto-saving may take the
formActionOrigin into account. From what I can tell the behaviour is the same.
(In reply to Adrian Florinescu [:adrian_sv] from comment #0)
1. New profile. (not required)
2. Open facebook.com
3. Use generate password on password field from login and also on the New password field.
The former has a form action origin of https://www.facebook.com whereas the latter has https://m.facebook.com so it's expected that Firefox stores them as "duplicates". If you inspect logins.json you will see those two values. This has been a longstanding confusing issue for users since we never show this field to users (because it would be confusing to understand). Matching on the formActionOrigin is a security feature (bug 360493) and we have talked about removing it bug 1121119 but the security team didn't want to yet.
- New profile. (not required)
- Open imgur.com/signin and generate a password.
- Open imgur.com/register and generate a password.
Similar case here.
This is kinda a longstanding issue (maybe made somewhat worse with auto-saving?) and we haven't come up with a good solution over the years. I personally want to remove this field but since we can't do that I also don't think we should show this field to users (it would show two origins for each login).