The mischievous software can "sniff" traffic on unprotected WiFi networks for communication between computers on the network and targeted sites. When it discovers such communication, it attempts to steal information stored in "cookies" on a computer. That information can include a user's name and session ID. With that information, it's possible to gain unauthorized access to an account and perform tasks such as sending email. Since passwords usually aren't included in cookies, it's unlikely that Firesheep could be used for more nefarious purposes such as performing credit card transactions.