Without saying why CSP is particularly susceptable to cat-and-mouse attacks, this comment doesn't have a lot of content. Do you have more thoughts to share about it?
Some big problems: It requires people to use firefox or for other vendors to adopt CSP, and it only works for sites that integrate it. Until it comes under attack, it's hard to say whether or not it'll fall victim to the cat-and-mouse thing or simply fail to gain traction. I haven't seen CSP in action, so my comment was tongue-in-cheek.