The wings of a computer engineer

Personal blog for Timothy D Meadows II

ʍɐɔ ʍɐɔ ʍɐɔ


Online Personal Security

Timothy D Meadows II

As a software engineer and penetration tester, I’m often asked what I use to protect myself online from malicious websites. My typical response is to use common sense, which will always be the most useful tool. This blog gives me the opportunity to recommend extensions not only by name but by direct URL. It's also a link to refer to every time someone asks.

Firefox

I personally use both Firefox Developer (for work) and Firefox (for home / mobile). While it has quirks, the non-developer edition can be rather secure. It also has an impressive array of support for HTML5 standards.

NoScript Security Suite

NoScript can be tricky at first. Its primary purpose is to block all script and object tags from executing on a page. Typically this means it will block JavaScript; however, it can also block VBScript should you happen to visit a fossil still using it.

The problem with blocking JavaScript is that it breaks 99% of the “modern web”. However, unlike just disabling JavaScript in the browser, NoScript lets you allow / deny scripts on the fly from specific domains with an easy-to-use interface at the bottom of the browser (or wherever you move it in the settings). If you’re careful not to just “allow everything” when you visit websites, you can block all 3rd party JavaScript that does not originate from the domain you visited.

Most hijacking, virus / malware infection, or overall badness happens through JavaScript, Java, and Flash, so blocking the unneeded scripts and objects goes a very long way toward protecting yourself.
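The per-domain, default-deny decision described above, as an added example that is not part of the original post and is not NoScript's own code: a Python sketch that lists where each script and object tag on a page loads from and applies an allowlist. The host names, the sample page and the subdomain matching rule are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

URL_ATTR = {"script": "src", "object": "data"}  # attribute holding each tag's URL

class ActiveContentAudit(HTMLParser):
    """Record the host each <script>/<object> on a page would load from."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = []  # (tag, host) in document order

    def handle_starttag(self, tag, attrs):
        if tag not in URL_ATTR:
            return
        ref = dict(attrs).get(URL_ATTR[tag])
        # An inline script has no src and runs as the page itself.
        url = urljoin(self.page_url, ref) if ref else self.page_url
        self.hosts.append((tag, urlsplit(url).hostname or ""))

def host_allowed(host, allowlist):
    # Assumed rule: exact host, or a subdomain of an allowed entry.
    return any(host == a or host.endswith("." + a) for a in allowlist)

def audit(page_url, html, allowlist):
    """Return (tag, host, party, decision) rows under a default-deny policy."""
    parser = ActiveContentAudit(page_url)
    parser.feed(html)
    rows = []
    for tag, host in parser.hosts:
        party = "first" if host == urlsplit(page_url).hostname else "third"
        decision = "allow" if host_allowed(host, allowlist) else "block"
        rows.append((tag, host, party, decision))
    return rows

# Constructed sample page and allowlist; every host name is made up.
PAGE = "https://blog.example.com/post"
ALLOW = {"blog.example.com", "example.net"}
SAMPLE = """
<script src="/js/app.js"></script>
<script>var inline = 1;</script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="//ads.tracker.example/ad.js"></script>
<object data="https://media.example.org/player.swf"></object>
"""

if __name__ == "__main__":
    for row in audit(PAGE, SAMPLE, ALLOW):
        print(*row, sep="\t")
```

With an empty allowlist every row comes back as blocked, including the page's own scripts, which is why an untouched default-deny setup breaks most sites until the visited domain is allowed.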

AdBlock Plus

No matter how you feel about this controversial extension, AdBlock goes very well with NoScript for closing holes that NoScript would otherwise not be able to handle. A good example of this would be a domain you have allowed in NoScript but on which you still wish to block the JavaScript-based ads.

Ads, which are often deployed by non-technically literate but application-specific literate individuals, often lead to security holes which can be exploited by others to host malicious scripts in an otherwise trusted environment.

You can disable ad blocking on specific sites, so you can continue to support your favorite sites.

Privacy Badger

Privacy Badger is a collaboration between EFF and the Mozilla team. It’s primarily designed to break tracking cookies and other unique content ID generation systems used by marketers, data analysts, governments, and hackers to track your activity online, even through common security mechanisms like SSL or TLS.

HTTPS Everywhere

HTTPS Everywhere is designed to protect from SSL replacement attacks. While it’s not perfect, it’s certainly worthy of use, if for nothing more than reporting sites through the observatory. This is also a project from the EFF.
