NoScript

The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).

NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.

NoScript’s unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality…

You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows.
Watch the “Block scripts in Firefox” video by cnet.

For Android:
NoScript Anywhere (NSA) is the nickname for the next major iteration of the NoScript security add-on (NoScript 3.x), whose guts have been turned upside down in order to match Mozilla’s Electrolysis multiprocessing architecture and implement a porting for Firefox Mobile, available on Android smartphones and tablets.

This open source (GPL) effort has started in the very beginning of 2011, and has been partially funded by the NLnet Foundation.

NoScript 3 alpha, available on Firefox 4 Mobile for the Android and Maemo operating systems, offers all the the major security features of “classic” NoScript:

Easy per-site active content permissions management.
The first and most powerful anti-XSS (cross-site scripting) filter available in a web browser.
ClearClick, the one and only effective client-side protection against Clickjackings available on the client side.*
ABE (App Boundaries Enforcer), a true webapp firewall inside your mobile browser to protect your router and web applications against CSRF and DNS rebinding attacks.**