HTTPS Everywhere [GPLv3+]
Enforces the use of secure connections where known to be possible through the use of an updated white-list, this means where a website has the ability to deliver it’s bits to you over HTTPS(Secure HTTP) the add-on will tell it to. Browsing over a secure connection is intended to prevent third-parties, parties other than you and the server itself, from being capable of peaking into the connection and spying or tampering with the data.
RequestPolicy [LGPLv3]
Allows you control over the connections your browser makes upon visiting a webpage, connections external to the domain you’re on are block unless the connection is whitelisted; a simple menu stemming from an icon on your toolbar displays the domains that connections to were blocked with submenus to allow the connection from CurrentDomain.tld to ExternalDomain.tld temporarily or permanently. On the other hand if you trust the externaldomain itself you can allow all connections to it, very convienient for domains that you trust and are linked to by many websites.
NoScript [GPLv2]
Allows control over whether scripts and other such resources are allowed to run or not on a per-domain basis. This is convienient for many reasons, not having to worry about scripts slowing your browser, tracking via Javascript, it stops Flash and WebGL too, both known security vulnrabilities with the former being terribly CPU-intensive too. Seeing as most websites these days use Javascript but very few actually need the Javascript I find it fine to leave blocked most of the time.
Firebug [Simplified BSD]
This lets you inspect a page’s code, with capabilities to alter the page with instant visible changes without refreshes, great for testing small alterations or even investigating how something was done. Complimentary add-ons such as Firepicker [Simplified BSD] which provides a graphical interface for picking colours for an element on the page and filling in the corrisponding Hexadecimal or RGBA codes.
Notes
You shouldn’t use AdBlock, it’s useless if you use RequestPolicy and mean to webmasters who have genuine need, it’s a blanket policy for a limited issue; also the developers take money to get some off the list.
The supposed privacy add-on Ghostery is proprietary and therefore no help to your privacy or freedom. RequestPolicy does the job of Ghostery by preventing all extenal connections by default.