What about the "Ask to Activate" option in Firefox? I normally disable Flash though anyway.
As long as it does not operate on a "click to play" functonality (as in the click to play thing appears right over where the flash content would normally be) and requires additional user interaction (such as through a dialog provided by the browser) then it should be fine.
I believe NoScript may also provide additional protections against such scripting even when not operating in the default "block all" mode. Whitelisting first party content by default (this is under the options name "Temporarily allow top-level sites by default") makes using NoScript much easier and will still provide much stronger protections over not using it at all. People who might not want to use NoScript because of it's barrier to entry may actually use it after enabling that option. uMatrix on Chrome operates similarly by default.
In Mine this options comes up every single time for every single page. Is there a way to disable that without outright disabling flash? Idealy I want it disabled by default but I want to have a white list of sorts for sites like Youtube, Facebook videos, and other video sites.
You can do this in Chrome at least, I'm not sure if Firefox has a similiar feature. If you click the page icon (where you can view stuff like connection info, the encryption settings a site uses, etc) under the permissions tab you can set plugins to allow by default.
I would be surprised if Firefox didn't have similiar functionality to allow plugins on a per-origin basis. If not using built in functionality I'm pretty sure you could do it with NoScript.
Using Noscript greatly enhances security of flash.
Only to the extent that it would block flash being loaded. It does not make the use of Flash after it's already been loaded more secure. As I've said before, using Flash in the confines of the Chrome sandbox is the most secure way to
use Flash.
There's actually a setting in Adobe Reader 11, enabled by default, labelled as follows:
"Allow opening of non-PDF file attachments with external applications."
Adobe also developed "Adobe JavaScript" for Adobe Reader, again, enabled by default. The mind boggles.
There are several settings such as the one you mentioned which can actually make the Adobe Reader sandbox pretty secure. The other is forcing on "Protected Mode" by default in addition to disabling the scripting.
IE11 also has similar options which are not enabled by default but can significantly increase the protection level such as enabling Enhanced Protected Mode (and the use of 64-bit processes for it).
The problem is compatibility. These settings may break very few things but the fact that they can cause problems is probably why they haven't been enabled by default.