I just set fennec to delete all the cookies and stuff when I “quit” from the pulldown menu. Yeah that logs me off of sites but that’s ok, I use the built in password store to log back in quickly. If I just close the browser rather than selecting “quit”, the cookies stay around. So I use “quit” when I want to get rid of the cookies, maybe a few times a day.
Interesting, I tend to worry less about the password store than external password managers. Maybe you are onto something and I should research it further. But the breaches I hear about have all been with external managers. I particularly don’t want anything uploading passwords to remote storage. If I have to share a password between two machines (laptop and phone), I just transfer it manually. Another minor nuisance.