One last response, and then I stop, as you've obviously got an axe to grind and my pointing out the original reasoning isn't going to change that.
I shouldn't have to learn how to write a full add-on to do something that WAS THERE AND WAS REMOVED, just to TURN OFF something. That's ridiculous. And the problem is that if the malicious website is preventing you from getting to any other pages you are probably going to have trouble getting to the add-on.
See another response to my comment; a bookmarklet that does what you want. However, the idea behind the add-on is that it sticks a button in your toolbar, so you don't have to "get to the add-on".
Here's an idea. What about DON'T TURN OFF JAVASCRIPT ON PAGES THAT AREN'T MALICIOUSLY TRYING TO HIJACK YOUR "WEB EXPERIENCE"? It's that simple. Really. There's no reason to turn it off for banking, search, etc unless they are doing something bad.
The JS toggle in settings is global. If you have multiple tabs open, it gets turned off for ALL tabs, not just the malicious page. But then on the other side, loading a banking page in the same browser as a potentially untrusted page at the same time isn't really a good idea in the first place.
This global toggle wasn't an issue back when it existed, as web pages would load their JS on load, and that would be that -- so you'd just turn JS off, reload the malicious page, and you're done, without affecting the other pages. Nowdays with REST and dynamic page content, this doesn't work -- you disable JS and the next time an active script goes to pull down some other data and run it, things will fail in unexpected ways. You're pulling the rug out from under the scripts, and unless they were all coded well (most aren't), you're going to find that toggling the JS causes you to have to start your other tabs from scratch, potentially losing data.
And when you start back up it reloads all the pages, including the one that you wanted to get away from. And it takes the time to reload all the other pages. Yes, I've sometimes seen the "Oops" page that first asks which pages to reload, but more often than not it just reloads everything. And if the js is messing with other pages, you get the messed result right back.
It is just more convenient and less time consuming to turn off js when necessary than to kill a browser session and wind up back where you were.
Sounds like you should complain about THIS. With my settings, I always get the Oops page, and can always uncheck the bad page and keep the others. And my copy of firefox takes as long to close and re-open like this as navigating to the Prefs/Options and toggling JS would take. One of the benefits of modern Firefox is that it caches the other tabs, and doesn't re-load them to refresh data until it needs to, which really speeds things up (and also means that even if the Oops page somehow didn't come up, you can still close the malicious tab, as scripts haven't started running on it yet after load).
What does this have to do with blocking ads? Where did you get the idea that ads are the only malicious web pages our there?
I recommend you take another look at AdBlock; it's much more than just an ad blocker. I have a bunch of filters in there for known malicious path fragments (including things like invoice.php and the like) -- it's a great way to prevent your browser from loading uris you never want to see.
Most people just "set and forget" AdBlock Plus, but there's a lot more you can do with it, such as blocking malicious sites or malicious site content, based on heuristics and regex substrings. I believe there's even a blocklist you can subscribe to that's all about the malicious stuff, instead of just about ads.
If you click on the widget and select "Open Blockable Items" on a malicious page, you'll get a listing of all items loaded for the page, and you can block any of them from loading. So for example, if there's a JS file that the page loads and you know it's causing you grief, you can select it and block it. And then if you want, you can block that JS file if it's loaded from ANY site, not just the one you're on. You can restrict where a domain refers you to, block specific asset types, etc.