Note that these first three tests are the most important:
test active
test display
test both

This is a test for a page that has tracking elements, mixed active content, and mixed display content:
mixed content and tracking protection

And these are a bunch more tests that test specific scenarios:
test
test
test
test
test
test mixed with ctp
test document open
test document open2
test document open3
test document open4
test document open5
test document open6
test document open7
test document open8
test grandchild iframe
test http grandchild iframe
test iframe
test iframe2
test iframe3
test iframe4
test iframe both
test mixed script
test navigation
test navigation 2
test navigation top
test navigating frame
test navigating frame 2
test navigating grandchild frame
test http navigating grandchild frame
test navigating grandchild frame 2
test http navigating grandchild frame 2
test navigating top from frame
test window open
test window open 2
test window open 3
test brandon
test iframe document open
test iframe document open2
test iframe document open3
test iframe document open4
test session restore
test
navigate main bug 902350
navigate top bug 902350
navigate frametop bug 902350
navigate content bug 902350
navigate framemain bug 902350
navigate framecontent bug 902350
navigate foo bug 902350
navigate framefoo bug 902350
navigate parent not within a frame bug 906219
navigate parent bug 906219
navigate parent from grandchild bug 906219
navigate parent from grandchild bug 906219 - http version
mixed youtube
Http page with HTTP content image from an HTTPS css file
Http page with HTTP content font from an HTTPS css file
Http page with HTTP script and image from an HTTPS script file
Http page with HTTP subresources from an HTTPS object file
Mixed content page where one frame goes through a metarefresh and changes location
Image with a crossorigin attribute
Image and picture with srcset

Some non-mixed tests.
Change the base uri
data: uri

Passwords:
iframe with passwords created from data: uri
iframe with passwords created from javascript: uri
window.open with a password in the opened window
change document.domain on a page with a passowrd field
page with a password field
use pushState to change the path on a page with a password field (documentURI changes)