Not to excuse the behavior in that bug, but the situation is very different for Firefox than for BitWarden - as the blog post notes, 1000 iterations is only used for the key as it is in-flight via https to Mozilla's production servers, not when it is at rest. An attacker getting access to any encrypted databases would need to deal with scrypt, not these 1000 PBKDF2 iterations.