Though if you think about how Firesheep works (an outside party intercepting communications to non-secure websites over unencrypted, insecure/open Wi-Fi connections), I'm not sure how the user could detect their session was being 'sidejacked' by Firesheep via AV definitions, since it's information that's being broadcast out that's being intercepted. Intrusion Prevention signatures would be more apt, but then again, I don't know if Firesheep sends information back to the user who is being sidejacked.
There are some Firefox plugins that force an HTTPS connection. May be worth looking into.
sandra