Whenever you hop on to the Internet you are facing dangers. While it is relatively safe on popular sites such as Facebook or Google, it is possible that you are deceived even there. On Facebook, it may be a link that someone posted and that you are dying to follow (Justin Bieber did this, the Pope is dead), and on Google, you may for instance be deceived by advertisement. Once you wander off those well lighted paths on the Internet, things may turn to worse pretty quickly.
The following guide helps you improve the security of the Firefox web browser while you are on the Internet. As always, with better security come downsides, and while I'm happy to live with those you may not. It is up to you to implement these security related features, or skip them instead if you do not want to or can't live without a feature.
1. Up to date
The first thing you need to make sure is that Firefox is up to date. It does not really matter if you are running the stable version of the browser, or one of the development versions - Beta, Aurora or Nightly - as all should be updated when new versions come out.
Why? Because updates more often than not fix security issues found in the browser. They may also improve the overall stability of it, or add new features to the browser that you may benefit from.
To check for updates click on Firefox > Help > About Firefox. This runs a manual check for updates. Note that development versions of Firefox receive frequent updates while the stable build is only updated occasionally.
You may also want to check the update preferences in Firefox. To do so click on Firefox > Options > Advanced > Update. Here you find if and how automatic updates are configured in Firefox.
The recommended setting is to automatically installed updates. This may not always be possible though, for instance in company networks where updates need to be tested before they are deployed.
Take a long hard look at the plugins that are installed in your browser. You can do so by loading about:addons in the browser's address bar and a click on the plugins listing on the left after the page has loaded.
Chance is, you do not really need most of them. You can disable plugins with a click on the disable button so that they are not executed automatically anymore when you visit websites that use them. I'd highly recommend disabling all plugins here, maybe with the exception of Adobe Flash if you make use of it.
It is also important to make sure you are running the latest version of plugins that you use in Firefox. Mozilla has created a plugin check website for that. Just visit the website and look at the information displayed here. If plugins are out of date, update them immediately.
You may also want to consider enabling click to play in Firefox. The feature has not found its way into the options of Firefox yet. To activate it, load about:config in Firefox and filter for the term plugins.click_to_play here. Double-click the parameter that appears to set it to true. This enables click to play in Firefox.
If you are using the built-in password manager, make sure you set a Master Password to protect the account date from other users with access to the system. To do so click on Firefox > Options > Security and check the use a master password box there. This protects the password storage with the password you select here, so make sure it is reasonably secure and complex.
Using Firefox as your password storage is usually not the best idea. While it is reasonably secure once you have set a master password, you do not get features such as a secure password generator which you can make good use of. Extensions such as Last Pass or standalone programs like KeePass provide you with additional tools that help you in this regard.
Cookies are related to privacy more than they are to security. What you may want to do is block third party cookies in Firefox to eliminate much of the tracking that is going on. To do so click on Firefox > Options > Privacy and switch from Remember history to use custom settings for history.
There you find then the accept third-party cookies menu which you can switch to never to block them outright, or alternatively configure Firefox to clear cookies on exit.
Many users do not like NoScript as it requires you to manage permissions whenever you visit pages that do not work properly without. While you can work just fine on many websites even with all scripts disabled, there are some that may not work at all or only with reduced functionality.
It takes a couple of clicks tops to enable scripts on a site that requires them to run properly, and with whitelisting, you should not really be overly concerned about that. Yes, it takes a while to get used to NoScript but the security it offers is well worth it in my opinion.
This is the one security related add-on that you should install in Firefox.
6. Other options
To improve security further, you may want to consider running Firefox in a sandbox. A program you can use for that job is Sandboxie. What this does basically is put a shell around the browser that limits interaction of it with the underlying operating system.
Even if Firefox gets exploited somehow, the sandbox would protect the operating system from the fallout. That's of course only true if the sandbox itself is not attacked as well. Usually though that is not the case so that you are protecting your operating system while running Firefox in a sandbox.
You should also make sure to update your operating system and software that runs on it whenever updates become available.
Did I miss something? Post your security tips below.