But perhaps you should start with the settings of the browser itself (Tools > Options). The gHacks blog advises disabling Java on the Content tab. Few sites actually need Java. If you don't use such resources and disable Java, you eliminate one potential avenue of attack.
On the Privacy tab, you will have to decide on the history settings (for how many days the browser should remember the addresses of visited pages, whether it should remember form data, etc.). Perhaps the most important thing here is cookie control. It is better to make a list of sites that are allowed to leave cookies and delete data from other servers.
The Security tab plays a leading role in ensuring safe surfing. Enable the check against the list of suspicious sites (or set up the check provided by Google).
Another important topic is password storage. It's not worth storing credentials for important accounts and resources (WebMoney wallets, Google AdSense, etc.) in Firefox. It's a good idea to set a Master Password so that if someone gets access to Firefox, they can't quickly read the saved passwords.
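The settings above end up in the profile's prefs.js file, so they can be checked without opening the dialog. The following is an added example, not code from gHacks or Mozilla: a small auditor that reads prefs.js text and reports where it differs from the advice above. The preference names and defaults are those of older Firefox releases and are an assumption about your version; the sample input is constructed.

```python
import re

# One line of a Firefox prefs.js / user.js file: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# pref name -> (value matching the advice, default when unset, finding text).
# Names and defaults are assumptions for older Firefox releases.
CHECKS = {
    "security.enable_java": (False, True, "Java is enabled"),
    "browser.safebrowsing.enabled": (True, True, "suspicious-site check is off"),
    "signon.rememberSignons": (False, True, "passwords are saved in the browser"),
}

def parse_prefs(text):
    """Return {name: value} with booleans and integers converted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs):
    """List settings that differ from the advice in the text above."""
    findings = [f"{name}: {msg}"
                for name, (wanted, default, msg) in CHECKS.items()
                if prefs.get(name, default) != wanted]
    # cookieBehavior 0 = accept from every site; lifetimePolicy 0 = keep until expiry
    if (prefs.get("network.cookie.cookieBehavior", 0) == 0
            and prefs.get("network.cookie.lifetimePolicy", 0) == 0):
        findings.append("network.cookie.*: any site may leave persistent cookies")
    return findings

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("security.enable_java", true);
user_pref("browser.safebrowsing.enabled", false);
user_pref("network.cookie.cookieBehavior", 2);
user_pref("browser.startup.homepage", "http://example.org/");
"""

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE_PREFS)):
        print(finding)
```

The Master Password is not stored as a preference, so this check cannot see whether one is set.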
Dr. Web Anti-Virus link checker — before downloading a file, you can check it for viruses (the Dr. Web web service will download the file and immediately report the results).
Cert Viewer Plus — improved certificate viewing
Extended Cookie Manager — convenient management of cookies
Flashblock — blocks Flash content
FoxTor — anonymous surfing using the Tor network
NoScript — allows JavaScript to run only on sites you trust
KeyScrambler Personal — the extension encrypts keystrokes, thereby protecting login information (logins/passwords) from keyloggers
Secure Login — the extension works like a Wand (in Opera), i.e. it disables pre-filling of forms for logging in to sites.
Whois Plugin — this addon shows whois information about the domain owner.
via Bomb Proof Firefox [gHacks]