As a die-hard Firefox fan, I am often quizzed on my favourite FF extensions. Here're some I find useful as an application security penetration tester:

• Live HTTP Headers - study the request/response headers from within your browser.
• Modify Headers - And modify those headers.
• Tamper Data - Again, go ahead and edit those requests and responses!
• JS View - dive in and get the javascripts in a single-click
• View Rendered Source Chart - the ultimate tool to render the page source fully. I'll cover this in greater detail soon.
• Show IP - a tool to quickly dig into an IP address
• Server Spy - fingerprint the webserver while you are browsing :)