When I referred to a Debian fix/workaround I was referring to Iceweasel, not the operating system.
In order for a man-in-the middle to work there has to be someone there waiting. Hence the DHCP recommendation. Static ips attract bugs like sugar-water.
Noscript prevents running code in the browser, as the old attack you referred to required. I don't know about the new and improved version you talked about. I haven't seen it.
I am not saying you will be safe if you do these things, just that your odds are improved somewhat.
If you really feel paranoid, I would suggest you set up another user, (untrusted) with no privileges and run your browser, whatever it is, from that user account. Set your permissions so that the untrusted user doesn't have read/write access to your other user's data, but the other user has access to the untrusted user's data. Set the desktop folder of the untrusted user to root ownership and read only. Set the auto start folder to root ownership and read only. Regardless of what comes in on the browser it can't go anywhere, do anything, or destroy any data.