This was done intentionally in bug 290100. Scripts on other subdomains (or domain.com) can opt in to sharing by setting document.domain themselves, but XMLHttpRequest responses cannot. You can work around this easily by doing the XMLHttpRequest from the correct frame. Future versions of Firefox may have ways for hosts to opt into sharing XMLHttpRequest responses with particular hostnames.
Thanks, the page was found by using Google search on some XHR related terms. As already noticed above, some planned features will provide similar functionality; so far I found: Something about 'UniversalBrowserRead' http://www.google.nl/search?hl=nl&q=universalbrowserread&btnG=Google+zoeken&meta= Signed Scripts http://www.mozilla.org/projects/security/components/signed-scripts.html Working with Proxy in mod_rewrite (Apache) http://www.google.com/search?hl=en&q=mod_rewrite+proxy+xhr Combining with hidden frames http://www.google.com/search?hl=en&q=xhr+hidden+frame Some kind of XHR-gateway programmed in a code you like http://www.google.com/search?hl=en&q=xhr+gateway+cross-domain