Flash Objects Hidden but not Blocked

[wcwc05]

Hi,
I regularly use NoScript and have found it to be a great asset both for security purposes and just for giving me control over what websites do. But I have noticed one problem that might be minor but also might open a vulnerability in NoScript, so I'm not sure whether to worry about it or not. It appears that some flash programs from non-whitelisted sites are actually loaded by my browser, then simply hidden when I shift focus to the tab. I'll provide an example below. The flash programs are able to play sound, and are fully visible for about a second after shifting focus, then are hidden by NS and look like they were never loaded. This occurs whether the page is loaded in an off-focus tab or in my current tab.

The basics: I am running NS v1.9.8.1, and as I make this post, the latest development build is said to be identical to this version. I first noticed the problem several weeks ago, so it is not unique to the latest version. I am running Firefox 3.0.12 on Windows XP SP3.

For example, the page http://www.odysseymoon.com/index-3.html contains a flash object at the top of the page which includes animation and sound. When I load this page in my current tab or a new tab, the flash object is fully loaded and begins to play both animation and sound. In my current tab, this continues for about a second before NS kicks in and hides the object. On a new tab, this continues until I shift focus to the tab, then again continues for about a second. NS lists two script sites for this page, macromedia.com (which is on my whitelist) and odysseymoon.com (which is not on my whitelist). Taking macromedia.com off my whitelist has no effect; the flash object still loads and runs its animation and sound until I shift focus to the tab. (Whitelisting odysseymoon.com has the predictable result of not blocking the object at all.)

I'll admit I don't really know what's going on here, but it seems like at best this undermines what NS is designed to do and at worst provides a possible vulnerability. The flash object on this page is merely a site menu that provides animation and sound, but a more malicious flash object that should be stopped by NS would still get through. Even if this is not possible, my browser is still using resources to download, display and run the flash object, merely hiding it from me when I look. I thus get the inconvenience of the page not displaying as it should but without all the benefits that I've come to rely on from NS. This is particularly annoying when I open a large number of tabs, then have to click through them all to find the one or two that are displaying the objects that should be blocked.

As a final note, I delayed reporting this for several weeks because I couldn't find any reliable distinction between the pages that did this and the ones that didn't. The problem is consistent within a page for me (if it occurs once on a page, it will occur there again) but otherwise is inconsistent (some pages' flash objects seem fully blocked, others do not).

Thanks for your help, and I appreciate any feedback. I'd be more than happy to provide any additional information you can use.

[therube]

Not able to duplicate it here.

After doing a Reset (backup your settings if you try the same), the Flash placeholder immediately comes up.
I do not show macromedia at all, only odysseymoon.
If I Allow odysseymoon, the Flash (menu) object loads.

[wcwc05]

I seem to have solved the problem, at least nominally. Under NoScript Options --> Plugins, "Forbid Adobe Flash" was unchecked. Checking that box makes NS behave the way I would expect. (Does not load the object unless I specifically allow the site.) Why NS would momentarily allow it before hiding it is a question I'll have to leave to the coders, but it seems to be working now.