My understanding of how the hosts file works is that it is used by the OS to check for names in preference to DNS (default order is hosts, DNS). So:
1) Firefox does use the hosts file because it uses the OS for name resolution.
2) You can't implement a "deny" policy using the hosts file as it will fail over to using DNS if a name is not found (unless you disable DNS too).
If I wanted to force FF use for all sites other than a select few, I would either:
1) Set up a proxy to restrict access to selected sites and configure IE on _all_ PCs to use the proxy.
2) Enable content advisor on IE and restrict access to selected sites.
Option 1 is probably more scalable on a big site as you can change which sites are accessible centrally.
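
Added example (not part of the original post): a small Python model of the hosts-then-DNS lookup order described above. It shows that a hosts entry can redirect or sinkhole a listed name, while any name not listed still resolves through DNS. The hosts text, the `FAKE_DNS` table and all function names are constructed for illustration; the DNS table stands in for a real resolver.

```python
# Constructed sample data: a hosts file and a stand-in for DNS answers.
HOSTS_TEXT = """\
# constructed hosts file
127.0.0.1   localhost
10.0.0.5    intranet.example.test   intranet   # allowed internal site
0.0.0.0     blocked.example.test               # sinkholed name
"""
FAKE_DNS = {
    "www.example.test": "192.0.2.10",
    "blocked.example.test": "192.0.2.20",
}


def parse_hosts(text):
    """Return {name: address} from hosts-file text (model: first entry wins)."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), address)
    return table


def resolve(name, hosts, dns, use_dns=True):
    """Model the default order: hosts first, then DNS. Returns (address, source)."""
    name = name.lower().rstrip(".")
    if name in hosts:
        return hosts[name], "hosts"
    if use_dns and name in dns:
        return dns[name], "dns"                # fall-through: no hosts entry
    return None, "unresolved"


def report(names, use_dns=True):
    """Resolve each name against the constructed hosts file and DNS table."""
    hosts = parse_hosts(HOSTS_TEXT)
    return {n: resolve(n, hosts, FAKE_DNS, use_dns) for n in names}


if __name__ == "__main__":
    sample = ["intranet", "www.example.test", "blocked.example.test"]
    for name, (addr, src) in report(sample).items():
        print(f"{name:25} {addr or '-':12} via {src}")
```

Calling `report(..., use_dns=False)` models the "unless you disable DNS too" case: unlisted names then stay unresolved.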