Verizon wireless (VZW) bill payment site has an iframe which loads
verifiedbyvisa.com. The visa page onload, replace navigates (as opposed to
a sub requests) back to VZW. With 3rd party cookies disabled, this
VISA->VZW replacement request sends VZW cookies in Fx 3.6.17, but not in
4.0.1 where the transaction fails.
Why this change? I think Fx3.6 behavior is correct. For a request to be
considered 3rd party, it has to be a subrequest of a 1st party navigation,
but here VZW replaces VISA it's not a sub-request to the VISA request. If
it's to be considered a sub-request at all, it would be of the parent page,
which is VZW, so it's a 1st party sub-request.
https://bugzilla.mozilla.org/show_bug.cgi?id=664721