It seems that the XSLT feature in Firefox to fetch an XML value via the web is limited to fetching documents from the same domain from which the requesting XSLT program was fetched.
I suspect that this limitation is in part to prevent the following scenario.
A person uses a browser installed on a machine located behind a firewall of a corporation.
Within the firewall is a web site xyz.ge that holds certain secrets of the corporation.
If XSLT programs from outside the firewall were able to fetch the same XML information that the user were able to fetch, then the external program would be able to fetch the secret data and transmit it back to the external site.
It would require only guessing the name (internal URI) of the secrets.
A similar limitation on Macromedia Flash programs is in effect, for a similar reason.
If OS environments provided a conventional outside access port which could be guaranteed not to provide confidential information by virtue of internal access, then browsers and other police functions could be liberalized to allow access to such public information.
Another scheme has been proposed to extend the application area of these programs.
Platforms with police responsibility, such as the XSLT, or Java, or JavaScript, could ask sites politely, using some convention, whether it was OK to allow queries from programs that the platform was commissioned to limit.
Such an access permission query might be of the form:
A program that comes with a certificate signed by the public key xxx, wishes to access pages with ULRs of the form .... .
The program is able to communicate with domain ... .
Shall I permit this?
The query would be addressed to the (internal) web site using a conventional name (such as robot.txt).