Firefox uses the first auth method offered by the server in its headers, while RFC2617 says that it MUST use the strongest one. This is causing users to see password prompts, and potentally send passwords over the wire in plain-text, when they should be using GSSAPI or NTLM authentication which would work with single-sign-on.
Thanks for letting us know. We're going to track it on upstream. Fixing this is beyond simple change in source code, so it will have to go through Mozilla review process anyway. I've added myself to the CC list on mozbz.