
Use Flashblock or something similar. By default Flash objects are turned off, but you can click on them to enable.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/433/

Chrome: https://chrome.google.com/extensions/detail/cdngiadmnkhgemki...




As I mentioned below, I had Flashblock, and used it for a while until I noticed that Flash is still in memory and Flashblock is just some JS that hides Flash elements.

Killing everything is much better.


I used the following FlashBlock for Chrome, and using resource tracker I could see that no SWFs were downloaded on a YouTube page until after I temporarily enabled Flash on that page.

https://chrome.google.com/extensions/detail/gofhjkjmkpinhpoi...

Is that good enough proof that the SWF is not put into memory?

Also, the FlashBlockBlock page here does not load when I have the extension enabled: https://woofle.net/flashblockblock/


Note - The title is misleading. It's a zero-day vulnerability on all platforms, but the exploits hit XP, Vista and W7. It's still prudent to kill Flash on all though.

http://www.theregister.co.uk/2010/09/13/adobe_flash_0day_vul...

It is easy to turn off Flash in the Firefox plugins, and running the Better Privacy extension, which kills the Flash hidden cookies normal cookie management doesn't touch. (One stalks you, keeping track of every site you've visited with Flash.) Better Privacy isn't yet compatible with the Firefox 4 beta but is fine with 3.x.

NoScript is still a good idea for many reasons.

The malware is worse this year than last... http://www.gdatasoftware.co.uk/about-g-data/press-centre/new...


Yes, extensions named 'Flashblock' are pretty universally mediocre and don't actually keep Flash from crashing your browser — they just keep it from being displayed.

ClickToFlash for native WebKit views on OS X actually blocks Flash for real — it's a native WebKit plugin that registers for Flash's primary mimetype and preempts it. When you selectively enable a Flash embed, it replaces itself with Adobe's NPAPI plugin.


Using NoScript is probably best. It actually blocks Flash content properly, and protects against most other browsing-related vulnerabilities. Plus, if you don't allow scripts to run from advertisers' domains, most ads can't load.


I don't know what Flashblock you were using but the ones I have used do not behave this way. Maybe Flash was in memory because you clicked one of them and allowed it to run?


On last month's zero-day Flash exploit thread, someone linked to a demo that shows bypassing Flashblock. I think this is it (but I don't run Flashblock).

[EDIT: Note: I don't know how safe the link in this article is.] http://seclists.org/fulldisclosure/2008/Jul/444


Here's a simple proof of concept I wrote a while back that bypasses Firefox FlashBlock: https://woofle.net/flashblockblock/

The payload is harmless but silly.



