diff --git a/toolkit/components/passwordmgr/test/mochitest/mochitest.ini b/toolkit/components/passwordmgr/test/mochitest/mochitest.ini
index a680659d3867..cb3f1dc4589c 100644
--- a/toolkit/components/passwordmgr/test/mochitest/mochitest.ini
+++ b/toolkit/components/passwordmgr/test/mochitest/mochitest.ini
@@ -31,8 +31,12 @@ skip-if = toolkit == 'android' # autocomplete
 [test_autocomplete_highlight_non_login.html]
 scheme = https
 skip-if = toolkit == 'android' # autocomplete
+[test_autocomplete_https_downgrade.html]
+fail-if = fission # Bug 1588091
+scheme = http # Tests downgrading
+skip-if = toolkit == 'android'  || (os == 'linux' && debug) # autocomplete && Bug 1554959 for linux debug disable
 [test_autocomplete_https_upgrade.html]
-fail-if = fission
+scheme = https
 skip-if = toolkit == 'android'  || (os == 'linux' && debug) # autocomplete && Bug 1554959 for linux debug disable
 [test_autocomplete_new_password.html]
 scheme = https
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_downgrade.html b/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_downgrade.html
new file mode 100644
index 000000000000..9a58dd86e05a
--- /dev/null
+++ b/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_downgrade.html
@@ -0,0 +1,114 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Test autocomplete on an HTTPS page using upgraded HTTP logins</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script src="/tests/SimpleTest/EventUtils.js"></script>
+  <script type="text/javascript" src="../../../satchel/test/satchel_common.js"></script>
+  <script type="text/javascript" src="pwmgr_common.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<script>
+const chromeScript = runChecksAfterCommonInit(false);
+
+runInParent(function addLogins() {
+  const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
+
+  // Create some logins just for this form, since we'll be deleting them.
+  let nsLoginInfo = Components.Constructor("@mozilla.org/login-manager/loginInfo;1",
+                                           Ci.nsILoginInfo, "init");
+
+  // We have two actual HTTPS to avoid autofill before the schemeUpgrades pref flips to true.
+  let login0 = new nsLoginInfo("https://example.com", "https://example.com", null,
+                               "name", "pass", "uname", "pword");
+
+  let login1 = new nsLoginInfo("https://example.com", "https://example.com", null,
+                               "name1", "pass1", "uname", "pword");
+
+  // Same as above but HTTP instead of HTTPS (to test de-duping)
+  let login2 = new nsLoginInfo("http://example.com", "http://example.com", null,
+                               "name1", "pass1", "uname", "pword");
+
+  // Different HTTP login to upgrade with secure formActionOrigin
+  let login3 = new nsLoginInfo("http://example.com", "https://example.com", null,
+                               "name2", "passHTTPtoHTTPS", "uname", "pword");
+
+  try {
+    Services.logins.addLogin(login0);
+    Services.logins.addLogin(login1);
+    Services.logins.addLogin(login2);
+    Services.logins.addLogin(login3);
+  } catch (e) {
+    assert.ok(false, "addLogin threw: " + e);
+  }
+});
+</script>
+<p id="display"></p>
+
+<!-- we presumably can't hide the content for this test. -->
+<div id="content">
+  <iframe></iframe>
+</div>
+
+<pre id="test">
+<script class="testbody" type="text/javascript">
+let iframe = SpecialPowers.wrap(document.getElementsByTagName("iframe")[0]);
+let iframeDoc, hostname;
+let uname;
+let pword;
+
+// Restore the form to the default state.
+function restoreForm() {
+  pword.focus();
+  uname.value = "";
+  pword.value = "";
+  uname.focus();
+}
+
+const HTTP_FORM_URL = "http://example.com/tests/toolkit/components/passwordmgr/test/mochitest/form_basic.html";
+
+async function setup(formUrl) {
+  await SpecialPowers.pushPrefEnv({"set": [["signon.schemeUpgrades", true]]});
+
+  iframe.src = formUrl;
+  await new Promise(resolve => {
+    iframe.addEventListener("load", function() {
+      resolve();
+    }, {once: true});
+  });
+
+  iframeDoc = iframe.contentDocument;
+  hostname = iframeDoc.documentURIObject.host;
+  uname = iframeDoc.getElementById("form-basic-username");
+  pword = iframeDoc.getElementById("form-basic-password");
+}
+
+add_task(async function test_autocomplete_https_downgrade() {
+  info("test_autocomplete_http, setup with " + HTTP_FORM_URL);
+  await setup(HTTP_FORM_URL);
+
+  LoginManager.getAllLogins().then(logins => {
+    info("got logins: " + logins.map(l => l.origin));
+  });
+  // from a HTTP page, look for matching logins, we should never offer a login with an HTTPS scheme
+  // we're expecting just login2 as a match
+  // Make sure initial form is empty.
+  checkLoginForm(uname, "", pword, "");
+  // Trigger autocomplete popup
+  restoreForm();
+  let popupState = await getPopupState();
+  is(popupState.open, false, "Check popup is initially closed");
+  let shownPromise = promiseACShown();
+  synthesizeKey("KEY_ArrowDown");
+  let results = await shownPromise;
+  info("got results: " + results.join(", "));
+  popupState = await getPopupState();
+  is(popupState.selectedIndex, -1, "Check no entries are selected");
+  checkAutoCompleteResults(results, ["name1"], "http://example.com", "initial");
+});
+</script>
+</pre>
+</body>
+</html>
diff --git a/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_upgrade.html b/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_upgrade.html
index 1a8cbdceaf74..27a35ffb848c 100644
--- a/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_upgrade.html
+++ b/toolkit/components/passwordmgr/test/mochitest/test_autocomplete_https_upgrade.html
@@ -21,18 +21,18 @@ runInParent(function addLogins() {
                                            Ci.nsILoginInfo, "init");
 
   // We have two actual HTTPS to avoid autofill before the schemeUpgrades pref flips to true.
-  let login0 = new nsLoginInfo("https://example.org", "https://example.org", null,
+  let login0 = new nsLoginInfo("https://example.com", "https://example.com", null,
                                "name", "pass", "uname", "pword");
 
-  let login1 = new nsLoginInfo("https://example.org", "https://example.org", null,
+  let login1 = new nsLoginInfo("https://example.com", "https://example.com", null,
                                "name1", "pass1", "uname", "pword");
 
   // Same as above but HTTP instead of HTTPS (to test de-duping)
-  let login2 = new nsLoginInfo("http://example.org", "http://example.org", null,
+  let login2 = new nsLoginInfo("http://example.com", "http://example.com", null,
                                "name1", "pass1", "uname", "pword");
 
   // Different HTTP login to upgrade with secure formActionOrigin
-  let login3 = new nsLoginInfo("http://example.org", "https://example.org", null,
+  let login3 = new nsLoginInfo("http://example.com", "https://example.com", null,
                                "name2", "passHTTPtoHTTPS", "uname", "pword");
 
   try {
@@ -67,8 +67,7 @@ function restoreForm() {
   uname.focus();
 }
 
-const HTTPS_FORM_URL = "https://example.org/tests/toolkit/components/passwordmgr/test/mochitest/form_basic.html";
-const HTTP_FORM_URL = "http://example.org/tests/toolkit/components/passwordmgr/test/mochitest/form_basic.html";
+const HTTPS_FORM_URL = "https://example.com/tests/toolkit/components/passwordmgr/test/mochitest/form_basic.html";
 
 async function setup(formUrl = HTTPS_FORM_URL) {
   await SpecialPowers.pushPrefEnv({"set": [["signon.schemeUpgrades", true]]});
@@ -86,31 +85,7 @@ async function setup(formUrl = HTTPS_FORM_URL) {
   pword = iframeDoc.getElementById("form-basic-password");
 }
 
-add_task(async function test_autocomplete_http() {
-  info("test_autocomplete_http, setup with " + HTTP_FORM_URL);
-  await setup(HTTP_FORM_URL);
-
-  LoginManager.getAllLogins().then(logins => {
-    info("got logins: " + logins.map(l => l.origin));
-  });
-  // from a HTTP page, look for matching logins, we should never offer a login with an HTTPS scheme
-  // we're expecting just login2 as a match
-  // Make sure initial form is empty.
-  checkLoginForm(uname, "", pword, "");
-  // Trigger autocomplete popup
-  restoreForm();
-  let popupState = await getPopupState();
-  is(popupState.open, false, "Check popup is initially closed");
-  let shownPromise = promiseACShown();
-  synthesizeKey("KEY_ArrowDown");
-  let results = await shownPromise;
-  info("got results: " + results.join(", "));
-  popupState = await getPopupState();
-  is(popupState.selectedIndex, -1, "Check no entries are selected");
-  checkAutoCompleteResults(results, ["name1"], "http://example.org", "initial");
-});
-
-add_task(async function https_setup() {
+add_task(async function setup_https_frame() {
   await setup(HTTPS_FORM_URL);
 });
 
@@ -216,9 +191,9 @@ add_task(async function test_delete_duplicate_entry() {
   await deletionPromise;
   checkLoginForm(uname, "", pword, "");
 
-  is(await LoginManager.countLogins("http://example.org", "http://example.org", null), 1,
+  is(await LoginManager.countLogins("http://example.com", "http://example.com", null), 1,
      "Check that the HTTP login remains");
-  is(await LoginManager.countLogins("https://example.org", "https://example.org", null), 0,
+  is(await LoginManager.countLogins("https://example.com", "https://example.com", null), 0,
      "Check that the HTTPS login was deleted");
 
   // Two menu items should remain as the HTTPS login should have been deleted but