The only reason Firesheep doesn't modify traffic is because it doesn't have to. Faking DNS replies or similar would be trivial to add, were it needed.
The vulnerability here isn't "someone running Firesheep" - that's the exploit. The vulnerability here is "an open WiFi network is a completely trusted medium".