by oneeyedpigeon 4198 days ago
Two of the worst offenders are overly-specific user agents (a setting which should definitely be configurable) and the list of plugins (which I see no reason for being available).

In Mozilla Firefox, you can create the setting general.useragent.override (it doesn’t exist by default) and set its value to “Firefox” to get a very generic user agent string that websites will still recognize as Firefox and not block as a bot.

Regarding plugins, the best solution I have found is to have none enabled. Firefox still sends them in the list when using click-to-play, so it is necessary to disable them completely.

As I said in my other comment, changing your user agent string affords you no privacy protection against those who care about knowing, and makes you more trackable.
Your browser (including the exact version) can be determined without looking at the user agent string (which is mostly a series of lies anyway). Changing it "for privacy" makes you easier to track.

As to the plugin list, you could make it non-enumerable, but then one could just probe for the X most common ones, like can be done for fonts.

I doubt it is possible to determine the exact version, or even the browser (though the accept headers might leak it), without JavaScript. Thus NoScript fixes that problem.

You are right that this gives more information to a determined person, but anyone who pushes fingerprinting to the point of detecting a user’s browser version and other characteristics through JavaScript will certainly be able to identify you uniquely anyway. In such a case, it doesn’t matter that this person has more or less information, since he can already identify you; and having a generic user agent makes people who only look at it know less about you.

It's possible to differentiate the major browsers and operating systems without JavaScript, and even the versions can be narrowed down without JavaScript even with user agent spoofing.

p0f, for example, can do this.

http://lcamtuf.coredump.cx/p0f3/

I didn’t know packets leaked this much information… Thank you for mentioning this.
One of the less obvious things is that the fact you're using a VPN may be leaked on a TCP session by the MTU/MSS values.
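The MTU/MSS point above is easy to see in numbers. The script below is an added illustration, not code from the thread or from p0f: a client's SYN normally advertises an MSS equal to its path MTU minus the IPv4 and TCP header bytes (1500 - 40 = 1460 on plain Ethernet), and tunnel encapsulation lowers the interface MTU, so the advertised MSS drops with it. It parses a constructed, simplified SYN log, infers the underlying MTU from each MSS, and labels values that match common tunnel or PPPoE sizes. The log format and the table of "known" MTUs are assumptions made for this example; running it on your own outbound SYNs shows what a passive observer could infer.

```python
import re

# Header bytes subtracted from the MTU to get the MSS (no TCP options counted).
IPV4_TCP_HEADER_BYTES = 40   # 20 IPv4 + 20 TCP
IPV6_TCP_HEADER_BYTES = 60   # 40 IPv6 + 20 TCP
ETHERNET_MTU = 1500

# Assumed MTUs used only to label findings (constructed for this example;
# real deployments vary, and middlebox MSS clamping can mimic any of them).
TUNNEL_MTU_HINTS = {
    1492: "PPPoE (8-byte overhead), not necessarily a VPN",
    1420: "WireGuard default interface MTU",
    1400: "roughly 100 bytes of overhead, typical of IPsec/OpenVPN-style tunnels",
    1280: "IPv6 minimum MTU, a common conservative tunnel setting",
}

# Constructed log format: one SYN per line, e.g. "src=192.0.2.10 flags=S mss=1460 ip=4".
SYN_LINE = re.compile(
    r"src=(?P<src>\S+)\s+flags=S\s+mss=(?P<mss>\d+)(?:\s+ip=(?P<ipver>4|6))?"
)

# Constructed sample data; addresses are from documentation ranges.
SAMPLE_SYN_LOG = """\
src=192.0.2.10 flags=S mss=1460
src=192.0.2.11 flags=S mss=1380
src=192.0.2.12 flags=S mss=1452
src=2001:db8::5 flags=S mss=1220 ip=6
src=192.0.2.13 flags=A
"""


def inferred_mtu(mss: int, ipv6: bool = False) -> int:
    """Reverse the usual MSS = MTU - headers calculation."""
    headers = IPV6_TCP_HEADER_BYTES if ipv6 else IPV4_TCP_HEADER_BYTES
    return mss + headers


def classify_mss(mss: int, ipv6: bool = False) -> str:
    """Describe what the advertised MSS suggests about the sender's link."""
    mtu = inferred_mtu(mss, ipv6)
    if mtu >= ETHERNET_MTU:
        return "plain Ethernet-sized MTU, no encapsulation evident"
    if mtu in TUNNEL_MTU_HINTS:
        return f"reduced MTU ({mtu}): {TUNNEL_MTU_HINTS[mtu]}"
    return f"reduced MTU ({mtu}): some encapsulation or clamping likely"


def audit_syn_log(text: str) -> list[dict]:
    """Return one finding per SYN line that carries an MSS option."""
    findings = []
    for line in text.splitlines():
        match = SYN_LINE.match(line.strip())
        if not match:
            continue  # not a SYN, or no MSS option present
        mss = int(match.group("mss"))
        ipv6 = match.group("ipver") == "6"
        findings.append({
            "src": match.group("src"),
            "mss": mss,
            "mtu": inferred_mtu(mss, ipv6),
            "verdict": classify_mss(mss, ipv6),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_syn_log(SAMPLE_SYN_LOG):
        print(f"{finding['src']:<16} mss={finding['mss']:<5} {finding['verdict']}")
```

The inference is a hint, not proof: ISPs and routers commonly clamp MSS on their own, so a reduced value only says that something between the client and the observer has a smaller MTU. That is also why the thread's point stands: the signal is sent by the TCP stack itself, and no user agent setting changes it.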
The list of plugins is useful to detect the presence of Adobe Flash.