Basically whatever url I passed in xmlHttp.open("GET",urlstr,true) had to match the actual url in the address bar.
Yes, this is the case. www.domain.com is a different subdomain from domain.com in terms of the address.. it might not infact be a different subdomain but the address indicates that it is. FF is security conscious, it'll think your trying to issue ajax requests to a foreign domain.
If you're ajax-ing to the same server that the page is hosted on ( which is all you should be allowed to do ), then try using a '/' rather than a http:// and domain.. i.e, instead of ajax-ing 'http://www.yourdomain.tld/thescript.cgi', ajax '/thescript.cgi'.. this will only work if your page is on 'yourdomain.tld', and not in a subdomain (other than www).