diff --git a/toolkit/components/passwordmgr/test/unit/test_isOriginMatching.js b/toolkit/components/passwordmgr/test/unit/test_isOriginMatching.js
index 7ae03228be7a..02547609ecf2 100644
--- a/toolkit/components/passwordmgr/test/unit/test_isOriginMatching.js
+++ b/toolkit/components/passwordmgr/test/unit/test_isOriginMatching.js
@@ -11,6 +11,17 @@ add_task(function test_isOriginMatching() {
     [true, "http://example.com:8080", "http://example.com:8080"],
     [true, "https://example.com", "https://example.com"],
     [true, "https://example.com:8443", "https://example.com:8443"],
+
+    // The formActionOrigin can be "javascript:"
+    [true, "javascript:", "javascript:"],
+    [false, "javascript:", "http://example.com"],
+    [false, "http://example.com", "javascript:"],
+
+    // HTTP Auth. logins have a null formActionOrigin
+    [true, null, null],
+    [false, null, "http://example.com"],
+    [false, "http://example.com", null],
+
     [false, "http://example.com", "http://mozilla.org"],
     [false, "http://example.com", "http://example.com:8080"],
     [false, "https://example.com", "http://example.com"],
@@ -142,6 +153,18 @@ add_task(function test_isOriginMatching() {
       "http://sub.example.mozilla.com",
       { acceptDifferentSubdomains: false },
     ],
+
+    // HTTP Auth. logins have a null formActionOrigin
+    [
+      false,
+      null,
+      "http://example.com",
+      {
+        acceptDifferentSubdomains: false,
+        acceptWildcardMatch: true,
+        schemeUpgrades: true,
+      },
+    ],
   ];
   for (let tc of testcases) {
     let expected = tc.shift();