I've been promising for a while to list all the extensions I use for Mozilla Firefox. Given I have a stack of homework to do and other chores and errands, it seems now is as good a time as any.
Each of these are reasons why I use Firefox over other browsers!
If you're only ever going to install one add on, make it this one. NoScript cops a lot of nonsense and flack from people for being tedious and a pain to use, but it really is very simple and with a few days of using it, it becomes second nature.
As for customising, I suggest disabling the "Show message about blocked scripts" because it's a bit redundant. I also suggest removing the NoScript icon from your toolbar and accessing it from the status bar instead, it takes up less space and will be conveniently located next to other extensions with menus.
This protects you for suspect root certificate authorities, and if you prefer not pinging their server every time you access a secure page, you can also download their database as a extension. As a bonus in the newest version it will also warn you if you're accessing a site that uses the now vulnerable MD5 hash that I've talked about before, very cool.
Protects you from so called Super Cookies such as Adobe Flash LSOs [Wikipedia link] which can be used to track you. Spooky stuff.
NoScript got me used to the idea of blocking everything by default and only allowing sites I trust to execute code. Cookie Monster is a lightweight extension that does the same thing for cookies.
Another such pair of extensions are CookieSafe and CS Lite, the latter of which I used to use for a while. They're both extremely sophisticated but I found I never used any of their advanced features.
BlockSite is a simple, lightweight and very easy use blacklist utility which does what you think it does. The only thing I wish it did was allow you to right click (or CTRL click on Mac) a link and add the target site to your blacklist.
Adblock Plus (discussed on my usability Firefox extensions post) used to be able to block entire websites, but later versions removed this functionality for some reason: BlockSite fills this void nicely.