I’m often asked as a software engineer & penetration tester. What i use to protect myself online from malicious websites. While my typical response is to use common sense. Which will always be the most useful tool. This blog gives me the opportunity to not only recommend extensions by name but direct URL. It's also a link to refer to every time someone asks.
I personally use both Firefox Developer (for work), and, Firefox (for home / mobile). While it has quirks. The non-developer edition can be rather secure. It also has an impressive array of support for HTML 5 standards.
NoScript Security Suite
Ad’s which are often deployed by non-technically literate, but application-specific literate individuals. Often lead to security holes which can be exploited by others to host malicious scripts in an other wise trusted environment.
You can disable which sites Ads are blocked on, so you can continue to still support your favorite sites.
Privacy Badger is a collaboration between EFF and the Mozilla team. It’s primarily designed to break tracking cookies and other unique content id generation systems used by marketers, data analysts, governments, and, hackers to track your activity online. Even through common security mechanics like SSL, or, TLS.
HTTPS Everywhere is designed to protect from SSL replacement attacks. While it’s not perfect it’s certainly worthy of use. If nothing more than reporting sites though observatory. This is also a project from the EFF.