
What can I do to mitigate autofill attacks?


Is password autofill for Firefox safe against the attacks outlined in

  https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/

Is there a way to make it safer?


Chosen solution

I don't know how widely this could be used, but one thing is for sure: if you set Firefox NOT to autofill logins, then an attack using an invisible form can't work. With that setting change, instead of having the username and password already in the boxes, you need to click the username box and select the username from a drop-down, and then Firefox fills the boxes. That tested out safe on that article's demo page.

Here's how to change the setting:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste signon and pause while the list is filtered.

(3) Double-click the signon.autofillForms preference to switch the value from true to false.

Demo page: https://senglehardt.com/demo/no_boundaries/loginmanager/
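
The same setting change can also be made from a file, because Firefox reads user_pref(...) lines from a user.js file in the profile folder at startup. The Python sketch below is an added example, not part of the original answer and not Mozilla's code; the function names and the sample file content are made up for illustration, and the profile folder path is one you supply yourself.

```python
import re
import sys
from pathlib import Path

PREF_LINE = 'user_pref("signon.autofillForms", false);'
# One assignment of the pref, in the syntax shared by prefs.js and user.js.
LINE_RE = re.compile(
    r'\s*user_pref\(\s*"signon\.autofillForms"\s*,\s*(true|false)\s*\)\s*;\s*')

# Constructed sample content, not taken from a real profile.
SAMPLE_USER_JS = '''// my overrides
user_pref("browser.startup.page", 3);
user_pref("signon.autofillForms", true);
'''

def autofill_enabled(prefs_text):
    """Effective value in a prefs file: the last assignment wins, and no
    assignment means the default (true, per the steps above)."""
    enabled = True
    for line in prefs_text.splitlines():
        match = LINE_RE.fullmatch(line)
        if match:
            enabled = match.group(1) == "true"
    return enabled

def disable_autofill(user_js_text):
    """Return the text with every old assignment dropped and one 'false' line
    appended; all other lines, including comments, are kept as they are."""
    kept = [l for l in user_js_text.splitlines() if not LINE_RE.fullmatch(l)]
    return "\n".join(kept + [PREF_LINE]) + "\n"

def harden_profile(profile_dir):
    """Update <profile_dir>/user.js in place; return True if it changed.
    Firefox applies user.js at its next start."""
    path = Path(profile_dir) / "user.js"
    old = path.read_text(encoding="utf-8") if path.exists() else ""
    new = disable_autofill(old)
    if new != old:
        path.write_text(new, encoding="utf-8")
    return new != old

if __name__ == "__main__":
    # Usage: python harden_autofill.py /path/to/firefox/profile
    changed = harden_profile(sys.argv[1])
    print("user.js updated" if changed else "already set")
```

Running autofill_enabled over a profile's prefs.js gives a quick audit of whether the change from step (3) is in effect there.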
