--- a/toolkit/components/extensions/ext-cookies.js
+++ b/toolkit/components/extensions/ext-cookies.js
@@ -223,25 +223,25 @@ function* query(detailsIn, props, contex
 
   // We can use getCookiesFromHost for faster searching.
   let enumerator;
   let uri;
   if ("url" in details) {
     try {
       uri = NetUtil.newURI(details.url).QueryInterface(Ci.nsIURL);
       Services.cookies.usePrivateMode(isPrivate, () => {
-        enumerator = Services.cookies.getCookiesFromHost(uri.host, {userContextId});
+        enumerator = Services.cookies.getCookiesFromHost(uri.host, {userContextId, privateBrowsingId: isPrivate ? 1 : 0});
       });
     } catch (ex) {
       // This often happens for about: URLs
       return;
     }
   } else if ("domain" in details) {
     Services.cookies.usePrivateMode(isPrivate, () => {
-      enumerator = Services.cookies.getCookiesFromHost(details.domain, {userContextId});
+      enumerator = Services.cookies.getCookiesFromHost(details.domain, {userContextId, privateBrowsingId: isPrivate ? 1 : 0});
     });
   } else {
     Services.cookies.usePrivateMode(isPrivate, () => {
       enumerator = Services.cookies.enumerator;
     });
   }
 
   // Based on nsCookieService::GetCookieStringInternal
@@ -387,17 +387,17 @@ extensions.registerSchemaAPI("cookies", 
         if (!checkSetCookiePermissions(extension, uri, cookieAttrs)) {
           return Promise.reject({message: `Permission denied to set cookie ${JSON.stringify(details)}`});
         }
 
         // The permission check may have modified the domain, so use
         // the new value instead.
         Services.cookies.usePrivateMode(isPrivate, () => {
           Services.cookies.add(cookieAttrs.host, path, name, value,
-                               secure, httpOnly, isSession, expiry, {userContextId});
+                               secure, httpOnly, isSession, expiry, {userContextId, privateBrowsingId: isPrivate ? 1 : 0});
         });
 
         return self.cookies.get(details);
       },
 
       remove: function(details) {
         for (let {cookie, isPrivate, storeId} of query(details, ["url", "name", "storeId"], context)) {
           Services.cookies.usePrivateMode(isPrivate, () => {

--- a/toolkit/components/extensions/test/mochitest/test_ext_cookies.html
+++ b/toolkit/components/extensions/test/mochitest/test_ext_cookies.html
@@ -18,16 +18,26 @@ add_task(function* test_cookies() {
     function assertExpected(expected, cookie) {
       for (let key of Object.keys(cookie)) {
         browser.test.assertTrue(key in expected, `found property ${key}`);
         browser.test.assertEq(expected[key], cookie[key], `property value for ${key} is correct`);
       }
       browser.test.assertEq(Object.keys(expected).length, Object.keys(cookie).length, "all expected properties found");
     }
 
+    async function getCookie(url, windowId) {
+      let tab = await browser.tabs.create({url: url + "tests/toolkit/components/extensions/test/mochitest/return_headers.sjs", windowId});
+      let cookie = JSON.parse(await browser.tabs.executeScript(tab.id, {code: "document.body.textContent"})).cookie;
+      await browser.tabs.remove(tab.id);
+      return cookie;
+    }
+
+    let defaultWindowId = (await browser.windows.getCurrent()).id;
+    browser.test.assertTrue(defaultWindowId != null);
+
     const TEST_URL = "http://example.org/";
     const TEST_SECURE_URL = "https://example.org/";
     const THE_FUTURE = Date.now() + 5 * 60;
     const TEST_PATH = "set_path";
     const TEST_URL_WITH_PATH = TEST_URL + TEST_PATH;
     const TEST_COOKIE_PATH = `/${TEST_PATH}`;
     const STORE_ID = "firefox-default";
     const PRIVATE_STORE_ID = "firefox-private";
@@ -43,16 +53,22 @@ add_task(function* test_cookies() {
       session: false,
       expirationDate: THE_FUTURE,
       storeId: STORE_ID,
     };
 
     let cookie = await browser.cookies.set({url: TEST_URL, name: "name1", value: "value1", expirationDate: THE_FUTURE});
     assertExpected(expected, cookie);
 
+    browser.test.assertEq("name1=value1", await getCookie(TEST_URL, defaultWindowId), "http website can see the cookie");
+
+    browser.test.assertEq("name1=value1", await getCookie(TEST_SECURE_URL, defaultWindowId), "https website can see the cookie");
+
+    browser.test.assertEq(undefined, await getCookie("http://test1.example.org/", defaultWindowId), "subdomain website can not see the cookie");
+
     cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
     assertExpected(expected, cookie);
 
     let cookies = await browser.cookies.getAll({name: "name1"});
     browser.test.assertEq(cookies.length, 1, "one cookie found for matching name");
     assertExpected(expected, cookies[0]);
 
     cookies = await browser.cookies.getAll({domain: "example.org"});
@@ -74,16 +90,20 @@ add_task(function* test_cookies() {
     assertExpected(expected, cookies[0]);
 
     cookies = await browser.cookies.getAll({storeId: "invalid_id"});
     browser.test.assertEq(cookies.length, 0, "no cookies found for invalid storeId");
 
     let details = await browser.cookies.remove({url: TEST_URL, name: "name1"});
     assertExpected({url: TEST_URL, name: "name1", storeId: STORE_ID}, details);
 
+    browser.test.assertEq(undefined, await getCookie(TEST_URL, defaultWindowId), "website can not see deleted cookie");
+
+    browser.test.assertEq(undefined, await getCookie(TEST_SECURE_URL, defaultWindowId), "website can not see deleted cookie");
+
     cookie = await browser.cookies.get({url: TEST_URL, name: "name1"});
     browser.test.assertEq(null, cookie, "removed cookie not found");
 
     let stores = await browser.cookies.getAllCookieStores();
     browser.test.assertEq(1, stores.length, "expected number of stores returned");
     browser.test.assertEq(STORE_ID, stores[0].id, "expected store id returned");
     browser.test.assertEq(1, stores[0].tabIds.length, "one tab returned for store");
 
@@ -193,16 +213,22 @@ add_task(function* test_cookies() {
       cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
       browser.test.assertEq("private", cookie.value, "get the private cookie");
       browser.test.assertEq(PRIVATE_STORE_ID, cookie.storeId, "get the private cookie storeId");
 
       cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: STORE_ID});
       browser.test.assertEq("default", cookie.value, "get the default cookie");
       browser.test.assertEq(STORE_ID, cookie.storeId, "get the default cookie storeId");
 
+      browser.test.assertEq("store=private", await getCookie(TEST_URL, privateWindow.id), "http website can see the cookie");
+
+      browser.test.assertEq("store=private", await getCookie(TEST_SECURE_URL, privateWindow.id), "https website can see the cookie");
+
+      browser.test.assertEq(undefined, await getCookie("http://test1.example.org/", privateWindow.id), "subdomain website can not see the cookie");
+
       let details = await browser.cookies.remove({url: TEST_URL, name: "store", storeId: STORE_ID});
       assertExpected({url: TEST_URL, name: "store", storeId: STORE_ID}, details);
 
       cookie = await browser.cookies.get({url: TEST_URL, name: "store", storeId: STORE_ID});
       browser.test.assertEq(null, cookie, "deleted the default cookie");
 
       details = await browser.cookies.remove({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID});
       assertExpected({url: TEST_URL, name: "store", storeId: PRIVATE_STORE_ID}, details);
@@ -214,17 +240,17 @@ add_task(function* test_cookies() {
     }
 
     browser.test.notifyPass("cookies");
   }
 
   let extension = ExtensionTestUtils.loadExtension({
     background,
     manifest: {
-      permissions: ["cookies", "*://example.org/"],
+      permissions: ["cookies", "*://*.example.org/"],
     },
   });
 
   yield extension.startup();
   yield extension.awaitFinish("cookies");
   yield extension.unload();
 });