I've read that Chrome has now gotten rid of the ability to block ADs, and so with Firefox being the Chrome copying crap they are may follow suit.
My browser is Pale Moon and it's been Pale Moon since Firefox changed the UI to mirror Chrome way back then. I was a long time user and supporter of FF all the way back to Phoenix and the Mozilla suit browser. Not anymore.
Pale Moon doesn't use the asinine security plagued Webextension code for add-ons, but rather the tried and true XUL code for add-ons. Plus, PM has its CVEs patched all the time plus DiDs (Defense in Depth) CVEs that aren't really an issue now, but can be. So it really is a secure browser especially with the ability to poison canvas data among other things. I also have very little fingerprints by default. WebRTC is mitigated as well.
I run the browser in Sandboxie. This is a sand box like virtual environment that can help keep rouge crap at bay. I used to use a swear by NoScript, but it got way too cumbersome with a wealth of websites using vast amounts of JS just to do simple things. So I got rid of NoScript and depend on Sandboxie to help keep things at bay.
I don't use an anti-virus. I don't browse shady sites and scan all downloads at Virus Total and check downloads that provide a hash against their hash. I used to run Faronics Anti-executable and/or Shadow Defender.
My current privacy/security add-ons are as follows:
Foundstone HTML5 Local Storage Explorer
uBlock Origin for Pale Moon with malware lists and privacy lists, etc
User Agent JS Fixer
I have a plethora of other "hacker" related add-ons as well like Live HTTP headers.
I only got one virus in my life in circa 2004 when I didn't know anything about computers and crappy AVG on my Windows 98se computer failed to do anything. After that I vowed to never get owned again and learned my complete butt off about malware and protecting yourself against it, etc.
I scan my computers every now and then with several scanners ranging from FreeFixer which lists items that were recently added to your Comp along with a clickable link to research that item along with its hash and Virus Total result. I also use Sanity Check, Stream Armor, Ring3 API Hook Scanner, SuperAntiSpyware, TDSSKiller, and several others. Never once got malware and I've also used scanners to search for hacking team crap. If and that's a big IF I get an infection or what ever I can pull out my clone that's encrypted and copied to an external HDD kept in a fireproof safe meant for electronics. These safes can be had on eBay for around $35. I also encrypt all of my computers and USB sticks. My phpBB board is also backed up periodically, encrypted in a 7Z archive and placed in a Truecrypt container which is then saved on multiple hard drives, my local FTP server, Amazon S3 storage, DVD/RW and Blu-ray BDRE. Yeah, I never EVER want to lose my hard work.
In a nut shell, paranoia, security and backups are my forte and I DO run a tight ship. Even with my website. Nothing wrong with being a little paranoid. It may save yourself from getting owned and tea bagged. And I've done a LOT of that in COD Modern Warfare. My user name was ɃᶅΆCKɱǟǥȉʗ spelled with non normal characters to mitigate a kick vote since my name would appear and say something like, "you were killed by CK." Only the most prudent knew I was cheating my butt of and initialized the kick vote. But to the others they were like, "who's CK? I never saw him cheat."
Thus no kick vote succeeded. Anyway, stay off my lawn would be hackers and those that think
they can own. I'll own you!