Ok I can reproduce this. After editing in the password the second time and re-opening the doorhanger, we are running afoul of some logic in LoginManagerPrompter that only shows the toggle for dismissed doorhangers when they have not yet been opened: https://searchfox.org/mozilla-central/source/toolkit/components/passwordmgr/LoginManagerPrompter.jsm#492
let hideToggle =
// Dismissed-by-default prompts should still show the toggle.
(this.timeShown && this.wasDismissed) ||
So fixing this here would presumably break some other cases, and I'm not sure at this point what those are? I think the idea was that a prompt which was created as dismissed should allow toggling of the password visibility, but if a doorhanger was shown and then dismissed by the user, we don't want someone else coming along later and opening it back up to snoop the password. ISTM we already have that case covered though with the
VISIBILITY_TOGGLE_MAX_PW_AGE_MS timer in which we'll hide the toggle after 2 minutes?
Note that there is some overlap here with bug 1618587, where we are implementing the OS reauth prompt for this toggle, which replaces all this logic where OS reauth is available. We do still use this logic in the fallback case though so a fix here is still relevant.