About cross site scripting

Does cross site scripting work only in the same browser window?

Is it enough to open another firefox instance to avoid the possibility?

Is noscript enough protection?