(In reply to Matthew N. [:MattN] from comment #7)
It wasn't trying to address this case so what you're showing is a known limitation, not worthy of a bounty IMO. See below (emphasis added):
The title of this bug is still pretty accurate: "Master password prompt gives the appearance of a security check, but it is easy to bypass". I did not know you knew about that bad design first. But after looking into the code I also realized that the security problem must have been aware of the development during the implementation. But better to look ahead now.
I thought and everybody else thinks that if there is a security gateway the the crown jewels behind it would be protected. And we all still know the behavior of the old password manager and how the master password provided protection there.
When i took a deep dive into code from about:logins and added my explanation I had expected an implementation like that I have explained in comment #5. Give it a try and maybe consider it. That would have been better than hiding the password field (like bug 1584126) and the issue would be already out of our minds.
I'm surprised that exactly the same scenario already occurred in the old Password Manager and that there was CVE-2019-11733 for it. If you read the CVE description the attack scenario is nearly the same. Is there a reason why no CVE-ID has been assigned for this same issue yet?
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords.
In my PoC you can access the passwords like shown in comment #3 without re-entering the master password.
Firefox 73 beta (affected)
Firefox 72 (affected)
I hope to be still considered for a bounty because I clearly marked the wrong bugfixing path by providing a solid Bypass before it comes to release. I also named the root cause of this problem first and made a proposal how it could be fixed (comment #5).