Hacker News
by m463 2335 days ago
You don't whitelist firefox. You whitelist firefox talking to www.foo.com port 80.

You would need to do that for every domain Firefox talks to, which will quickly get annoying, as stated in the original comment:

Safari and Chrome want to talk to all kinds of things on TCP/80 and 443, so you pretty quickly say they're allowed to make any 80 or 443 connection they want without further pestering you

You can set it up to allow/block a site or domain forever.

For example, block graph.facebook.com forever.

You can also look in the little snitch network monitor and block sites after the fact for the future.

It's a lot less tedious if you know the keyboard commands:

alt-return denies the connection, and cmd-return allows it.

How are you going to handle CDNs? Are you going to whitelist all the [random letters].cloudfront.net? What about public websites? You can conceivably establish a communications channel over any popular social media site.
uMatrix helps with all of this to block domains by name in the browser.

I suspect Little Snitch has a sort of hole in its design.

I think the DNS lookups go through before you get the allow/deny dialog box. So your browser might do a DNS lookup for user-gruez-jan-2020-in-timbuktu.<random>.trackingjerks.net which would get around Little Snitch.
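The two problems raised in this thread, random-looking CDN hostnames that you cannot reasonably whitelist one by one, and DNS lookups that leave the machine before a per-connection firewall ever shows a prompt, are both visible in resolver or DNS query logs rather than in the application firewall. The following Python script is an added example and not code from the thread or from Little Snitch: it parses a constructed query log in an assumed `<timestamp> <client> <qname>` format, skips hosts under an assumed allowlist of CDN suffixes, and flags queries whose subdomain labels are unusually long or high-entropy, which is the shape of the lookup the last comment describes. The log lines, the allowlist and the thresholds are all constructed for the example.

```python
import math
from collections import Counter

# Constructed sample of DNS query log lines (assumed "<timestamp> <client> <qname>" format).
# The hostnames mirror the ones discussed in the thread; none of this is real traffic.
SAMPLE_LOG = """\
2020-01-15T10:01:02Z 10.0.0.5 www.foo.com
2020-01-15T10:01:03Z 10.0.0.5 d1abcdef2ghijk.cloudfront.net
2020-01-15T10:01:04Z 10.0.0.5 graph.facebook.com
2020-01-15T10:01:05Z 10.0.0.5 user-gruez-jan-2020-in-timbuktu.k8f2m1x9q7z4w0.trackingjerks.net
2020-01-15T10:01:06Z 10.0.0.5 api.github.com
"""

# Assumed allowlist of CDN zones whose random-looking hostnames are expected.
# A practitioner would maintain this list; it is constructed for the example.
KNOWN_CDN_SUFFIXES = frozenset({"cloudfront.net"})


def shannon_entropy(text):
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(qname):
    """Naive registrable domain: the last two labels (no public-suffix list; an assumption)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-2:])


def analyze_query(qname, max_label_len=24, entropy_threshold=3.5,
                  allow_suffixes=KNOWN_CDN_SUFFIXES):
    """Return a list of reasons the query name looks like a data-carrying lookup.

    An empty list means nothing stood out. Hosts under an allowlisted CDN zone
    are skipped so that normal CDN hostnames do not trip the entropy check.
    """
    if registrable_domain(qname) in allow_suffixes:
        return []
    labels = qname.rstrip(".").lower().split(".")
    sub_labels = labels[:-2]  # everything left of the registrable domain
    longest = max((len(label) for label in sub_labels), default=0)
    entropy = max((shannon_entropy(label) for label in sub_labels), default=0.0)
    reasons = []
    if longest > max_label_len:
        reasons.append(f"long subdomain label ({longest} chars)")
    if entropy > entropy_threshold:
        reasons.append(f"high-entropy subdomain label ({entropy:.2f} bits/char)")
    return reasons


def parse_log(text):
    """Yield (timestamp, client, qname) tuples from the assumed log format."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than failing on them
        yield fields[0], fields[1], fields[2]


def find_suspicious(text, **kwargs):
    """Map each flagged query name to its reasons, preserving log order."""
    flagged = {}
    for _ts, _client, qname in parse_log(text):
        reasons = analyze_query(qname, **kwargs)
        if reasons:
            flagged[qname] = reasons
    return flagged


if __name__ == "__main__":
    for qname, reasons in find_suspicious(SAMPLE_LOG).items():
        print(qname)
        for reason in reasons:
            print("   ", reason)
```

Run against the sample log, only the trackingjerks.net lookup is reported, for both its 31-character label and the random-looking second label. Drop the allowlist (pass `allow_suffixes=frozenset()`) and the cloudfront.net host is flagged as well, which is exactly the CDN problem the thread raises: purely statistical checks cannot tell a CDN hostname from an encoded one, so a maintained list of expected zones has to carry part of the decision.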