DOM XSS attack failing in Firefox

The reason is simple: Firefox (I think from version 27 on-wards) now encodes (URL encoded) everything and you can now only exploit DOM XSS in Firefox if in the code developers will do explicit mistake of decoding.

You may find this recently published article useful: http://www.lanmaster53.com/2014/3/dom-based-xss-revisited/

Maybe review https://code.google.com/p/domxsswiki/wiki/Index to help you determine which characters are encoded or not based on the browser vendor.

For example, in the following... scheme://user:pass@host/path/to/page.ext/Pathinfo;semicolon?search.location=value#hash=value&hash2=value2... the characters that are not url encoded in the PathInfo part, search part, and hash part in Firefox are listed below (screenshot of a part of the page linked above):