> Do we know if Mozilla is planning anything to fix this?
Nope, so far as I can tell they are invested in their current approach. In fairness, I will admit that it trades security in order to get a slight improvement in usability.
If they'd just make it impossible to log in via JavaScript, and only through the browser UI, then they could increase the security. But they won't do it.
Do we know if Mozilla is planning anything to fix this?