flashblock is not good at blocking flash from a security standpoint. with it enabled, visit http://lcamtuf.coredump.cx/html5object/ and you'll probably see at least one flash animation start.

http://lcamtuf.blogspot.com/2011/03/warning-object-and-embed...

Thanks for the link to that demonstration. Hadn't seen anything bypass flashblock before. Switched to NoScript and confirmed that it actually blocks all of the test cases.

Maybe flashblock isn't good enough, but when combined with noscript, it didn't let anything on that page slip through.

noscript natively supports blocking embedded things with a click-to-activate interface, so if you're using noscript there's no need for flashblock.

The thing I like about NoScript is that you can set it to block everything, even on trusted sites. You have to click the placeholder to make it load, or if there isn't a placeholder (web fonts, hidden flash embeds) you have to look at the Blocked menu.