Active content
On the Content tab of the Options dialogue box, active content can be switched on and off; if you want to be on the safe side, disable both Java and JavaScript. For more detailed control over JavaScript, click on the Advanced button to the right of the item JavaScript to open a dialogue box, where you can prevent certain JavaScript actions. For instance, you can prevent the changing of the window size or the status bar text. In this way, surfers who do not want to do without JavaScript altogether can at least block some JavaScript actions used in phishing and other attacks.
Be sure to check "Warn me when web sites try to install extensions or themes" so that sites you do not know cannot install these automatically. With this item checked, when a site tries such an action, you will be warned with a dialogue box asking you if you would like for the installation to take place.
The security options in Firefox are quite rigid. The browser not only lacks a zone model, but also site-specific settings; all of the settings are global. In addition, users have to switch active content on and off via the browser settings, which is rather indirect. The Firefox community has therefore produced a number of extensions that remedy this situation.
The Prefbar provides the most important security settings in a toolbar so you can change them with one click. NoScript allows the execution of JavaScript, Java and other plug-ins to be limited to trustworthy sites.
The NoScript extension allows you to limit the execution of active content to trustworthy sites.