Unauthorized saved credit card data: CVV
Hello. I recently made a purchase online, on a site that does have my credit card info. As expected, Firefox did autofill the address (which I've authorized), and it did not autofill the credit card number (which I've never authorized). However, the CVV and expiry date DID show up as autofill options.
According to the following Mozilla page, the CVV is never supposed to be saved.
https://support.mozilla.org/en-US/kb/credit-card-autofill
I'd like to delete this information from Firefox, but there's no credit card field to delete under Settings->Privacy, presumably because I've never allowed it to be saved before.
This hasn't happened before, so far as I can recall. I'm working on an up-to-date Windows 10 machine, and running Firefox 144.0. I don't know when it updated last, but the "About" splash says it's current.
Thank you for your help.
All Replies (5)
Firefox has a separate "form history" feature that can remember/suggest data from similarly named form fields across the web. To remove a form history item, you typically can press the down arrow from the field to highlight a suggestion (for very long lists, you can type the first character in the field to filter it) and then press the Delete key to remove it. Does that work on the fields you do not want filled? Problem is, it could happen again. For more info on that feature, see: Control whether Firefox automatically fills in forms.
One other thought:
Sometimes Firefox thinks that a CVV field I filled is a password field because it is masked with asterisks, just like a password field. So it may then suggest updating the saved username/password for the site. No! Bad fox!
I suggest checking Firefox's password manager to make sure the CVV wasn't saved there, and be very careful when saving/updating logins for sites that Firefox isn't picking random masked fields.
Reference: Password Manager - Remember, delete and edit logins and passwords in Firefox
jscher2000 - Support Volunteer said
One other thought: Sometimes Firefox thinks that a CVV field I filled is a password field because it is masked with asterisks, just like a password field. So it may then suggest updating the saved username/password for the site. No! Bad fox! I suggest checking Firefox's password manager to make sure the CVV wasn't saved there, and be very careful when saving/updating logins for sites that Firefox isn't picking random masked fields. Reference: Password Manager - Remember, delete and edit logins and passwords in Firefox
Thank you for the quick reply, @jscher2000.
I checked the Firefox passwords manager, and it's empty (as expected since I don't allow password saves), so that's not the problem. But I'll definitely check the generic form-filling using the method you described next opportunity I have.
My main concern, though, is that this has never happened before. I gather (based on the link I posted above) that Firefox is specifically meant never to save the CVV, irrespective of other form-filling features.
For that reason, I wonder if this is a security bug introduced in the latest update.
Thank you again for your response.
Hi JCL,
I would totally agree with jscher2000, and especially with his first suggestion.
The reason behind such Firefox behavior may be a misconfigured website. Firefox can't find out whether the field is CVV unless the website tells it so, therefore if the properties of the field are not set correctly, it may be considered as a regular one (for which Firefox should remember the entered values).
If you could give us the website URL, we could try to look into it more deeply.
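An added example, not part of any post in this thread: a small audit a site owner could run over checkout markup to find the two conditions the replies above describe, card fields that do not declare what they are and a CVV field masked as a password. The `cc-number`, `cc-exp` and `cc-csc` autocomplete tokens come from the HTML standard; the name heuristics and both sample forms are constructed assumptions, and the script makes no claim about how Firefox itself classifies fields.

```python
import re
from html.parser import HTMLParser

# Autofill tokens the HTML standard defines for payment card fields.
CARD_TOKENS = {"cc-number", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-csc"}
# Constructed heuristics (assumption): guess a field's purpose from its naming.
HINTS = {
    "cc-csc": re.compile(r"cvv|cvc|csc|security.?code", re.I),
    "cc-exp": re.compile(r"exp", re.I),
    "cc-number": re.compile(r"card.?(num|no)|cc.?num", re.I),
}

class CardFieldAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (field name, problem)

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select"):
            return
        a = {k: (v or "") for k, v in attrs}
        label = " ".join(a.get(k, "") for k in ("name", "id", "placeholder"))
        expected = next((t for t, rx in HINTS.items() if rx.search(label)), None)
        if expected is None:
            return  # does not look like a payment card field
        field = a.get("name") or a.get("id") or "?"
        tokens = set(a.get("autocomplete", "").lower().split())
        # The field neither declares a card token nor opts out with "off".
        if not tokens & (CARD_TOKENS | {"off"}):
            self.findings.append((field, f"no card autocomplete token, expected {expected}"))
        # A masked CVV can be taken for a password field, as noted in the thread.
        if expected == "cc-csc" and a.get("type", "").lower() == "password":
            self.findings.append((field, "CVV masked with type=password"))

def audit(html):
    parser = CardFieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup: an unlabeled form and a corrected one.
WEAK = ('<form><input name="cardNumber" type="text">'
        '<input name="expiry" type="text">'
        '<input name="cvv" type="password"></form>')
FIXED = ('<form><input name="cardNumber" autocomplete="cc-number">'
         '<input name="expiry" autocomplete="cc-exp">'
         '<input name="cvv" type="text" autocomplete="cc-csc"></form>')

if __name__ == "__main__":
    for name, problem in audit(WEAK):
        print(f"{name}: {problem}")
```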
Denys said
Hi JCL, I would totally agree with jscher2000, and especially with his first suggestion. The reason behind such Firefox behavior may be a misconfigured website. Firefox can't find out whether the field is CVV unless the website tells it so, therefore if the properties of the field are not set correctly, it may be considered as a regular one (for which Firefox should remember the entered values). If you could give us the website URL, we could try to look into it more deeply.
Hi, Denys.
Thank you for the explanation; that sounds likely. I have used the site before, so it's possible the CVV is simply not flagged appropriately.
The website where I experienced this behavior was abebooks.com, where I have an account which I use rarely and which I do not allow to store my credit card info. I followed a typical purchase process: I made my selections, proceeded to the cart, and chose checkout. The site retains my mailing address, which I selected. Then it moved on to ask for payment method, and I chose to "add a credit card". The card number I entered as normal with no autofill prompts; however, the expiry date and CVV both offered an autofill prompt.
To make certain, I just tried again on that site. But I had already deleted my form history so unfortunately I've got no data left to test the autofill.
Thank you for looking into this.