You won’t be losing anything by using custom rules; the only thing you will have to do, if required, is recreate each rule manually.
Personally, I’ve been using nightly builds of firefox for a long time (currently 4.0b12pre) and my rules for the browser are really simple:
Allow UDP out to my router port 53 (DNS)
Allow TCP out All port 80
Allow TCP out All port 443
Allow TCP out 127.0.0.1 any port
Block and log
I don’t use the browser for FTP and any non-standard port requirements will show in the logs.
You will also need rules for the plug-in container. Unfortunately, these might be a little more problematic, as web sites that require fx plug-ins don’t all use the same ports. At the least, you’ll probably have to add:
Allow UDP out port 53 (DNS)
Allow TCP out to port 1935
You’ll more than likely need rules for TCP out to port 80 and 443. If you add an Ask and log rule, you’ll soon find out if any additional ports are needed.
With regard to the CPU spikes, I know you didn’t have much luck in the builds forum and it’s not something I’ve really had a problem with. The only time I see any additional CPU activity is when a plug-in loads, but it doesn’t last long.
When you created a new profile, did you disable DirectWrite and HW acceleration? If you type about:support in the URL bar, the information at the bottom of the page identifies your current graphics set-up. On the subject of graphics, are you using Intel, Nvidia or ATI, and which drivers?
Another possibility is that it’s one of the other components of CIS (D+, sandbox, AV) that’s causing the problem. I only use the firewall.
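The two rule sets above are evaluated top to bottom with the first match deciding, so rule order and the final catch-all are what make them tight. The following is an added example (not the poster's configuration or any CIS code) that models those rules in Python to show which connections each list allows, blocks or asks about; the router address, destination addresses and process names are constructed placeholders.

```python
# Constructed model of the CIS-style application rules from the post above.
# ROUTER is a placeholder for "my router"; the destination IPs in the demo are
# documentation ranges (TEST-NET), chosen only for illustration.
ROUTER = "192.168.1.1"

# Each rule: (protocol, destination host or "*", destination port or "*", action).
# Rules are checked in order; the first match decides the verdict.
FIREFOX_RULES = [
    ("UDP", ROUTER, 53, "allow"),          # DNS, only to the router
    ("TCP", "*", 80, "allow"),             # HTTP
    ("TCP", "*", 443, "allow"),            # HTTPS
    ("TCP", "127.0.0.1", "*", "allow"),    # loopback, any port
    ("*", "*", "*", "block+log"),          # everything else: block and log
]

PLUGIN_CONTAINER_RULES = [
    ("UDP", "*", 53, "allow"),             # DNS
    ("TCP", "*", 1935, "allow"),           # RTMP used by some Flash sites
    ("TCP", "*", 80, "allow"),
    ("TCP", "*", 443, "allow"),
    ("*", "*", "*", "ask+log"),            # ask and log reveals extra ports needed
]

def evaluate(rules, proto, host, port):
    """Return the action of the first matching rule; default-deny if none match."""
    for r_proto, r_host, r_port, action in rules:
        if r_proto not in ("*", proto):
            continue
        if r_host not in ("*", host):
            continue
        if r_port not in ("*", port):
            continue
        return action
    return "block+log"

def logged_attempts(rules, attempts):
    """Return the attempts that would appear in the firewall log (not allowed)."""
    return [a for a in attempts if evaluate(rules, *a) != "allow"]

if __name__ == "__main__":
    sample = [("TCP", "203.0.113.10", 443), ("TCP", "203.0.113.10", 21),
              ("UDP", "198.51.100.53", 53), ("TCP", "203.0.113.10", 1935)]
    for a in sample:
        print(a, "firefox:", evaluate(FIREFOX_RULES, *a),
              "| plugin-container:", evaluate(PLUGIN_CONTAINER_RULES, *a))
```

Running it shows that an FTP attempt (port 21) and a DNS query to any server other than the router are blocked and logged for the browser, while port 1935 is allowed only for the plug-in container.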