There are a lot of security issues because of bad plugins (Java, Flash, etc). You can disable all plugins by default so you must click to activate.
- about:config
- plugins.click_to_play
- set value to true
- Restart the browser
Now all plugin are diabled by default and you must click to activate.