I would vote against this if I could. Unfortunately I don't see the option. I don't see why these should be part of the core at all when anyone (a small segment of users) can just install those extensions if they want it. The only reason why I comment here is because of signature spamming this feature request on Slashdot.
"I don't see why these should be part of the core at all..." Because you shouldn't have to install extensions to get a simple, usable UI. The functionality is already in Firefox. However, it's really awkward to use. All I'm asking for is the UI to be as simple as it is if you add the two extensions.
I can see something akin to YesScript (a simple on/off switch on the toolbar) being a viable option to integrate with Firefox, but NoScript is one of the most convoluted add-ons I've ever come across, a classic geek-mentality tool that would frighten anything but the most hardened Firefox user. CookieSafe I can't comment on because I've never used it. But certainly, as written, this is one of those bugs that makes you wish you could vote against it instead of only for it.
Here's a news story with several million more reasons why NoScript functionality is an essential security feature which belongs in the core product: http://news.cnet.com/8301-27080_3-20000898-245.html
I see you've added the per-site cookie blocking, in spite of claiming WONTFIX. Now all you need is the same thing for scripts.
(In reply to comment #8) What "in spite of"? I said point blank in comment 5 that I think per-site cookie and JS options are a good thing, just not blocking everything by default. (though I think blocking 3rd party cookies by default would be good, but probably not going to happen anytime soon) Fundamentally, this bug requests them all off by default, which as already stated isn't going to happen. I suggest you not bother playing with the status and just leave this WONTFIXed, as nobody is going to fix it. The average user either won't put up with prompts for every page to use basic web functionality and those who would, frankly, wouldn't know when to allow or not. The part you want that may get done at some point is per-site JS blocking. If there's no bug for that yet file a new one for just that. (though, there is probably one somewhere, but I can't find it at the moment; I just see the dupes to the SeaMonkey bug)
I reopened bug 320522 from being marked as a dup of a seamonkey bug.