A software package a day: NoScript
If I had to decided upon one add-on for Firefox, NoScript would be the one I would recommend. It isn’t that it adds a lot of functionality; it disables a lot of functionality be default. Of course, that is the point.
The process is a bit annoying for the first few days, but as most people visit the same sites repeatedly the software quickly learns your preferences. After a while you stop noticing that it is there as your trusted sites run as expected and strange cross site scripts in advertising or sites you don’t frequent continue to be neutered. This reduces the possibility of an exploit in the browser being exploited as the exploit would have to run on one of your trusted sites, not some random throw away domain (which is the usual situations).
It doesn’t make your bulletproof, but it does help along with sane browsing practices to avoid the most common problems. Recommended.