I think I know partly why, earlier this week auth.ez.no was changed to use ".ez.no" as session cookie domain name to make some functionality work again after login was moved from ez.no to auth.ez.no.
Seems like ez.no needs to be added to list of known valid xx.yy domains just like vg.no is to be able to get this to work in IE8 and up. (if your on IE8+ see bottom of res://urlmon.dll/ietldlist.xml) For earlier IE version we need to either move login back to ez.no or stop using domain wide cookies.