mastercard secure/VbyV authorisation page works fine for me too with FF in every other site that needs it.
<snip>
I have reported the problem to the site a few months ago. No change as of today.
<snip>
(I am trying out RequestPolicy now - looks like a good addition to browser security/privacy.)
Certainly seems site specific, probably using proprietary code that doesn't comply with standards.
It is a useful add-on, but it as I said can be a pain when using on-line shopping and banking, as they have many legitimate cross site scripting requests. The difficult part is knowing what is legitimate and what even though legit isn't required, e.g. those that tracks (google-analytics) or are used to deliver adverts.