For the past few versions of Shockwave Flash, loading a flash object from a browser is no longer a one-way street.  Flash objects can interact with the browser, including calling Javascript, and the browser can interact with Flash, including Javascript calling Flash's ActionScript.

There are some security restrictions in place - ActionScript has to be registered via ExternalInterface.addCallback, and by default you can't call scripts across servers.  But we were running into a problem I haven't seen clearly explained anywhere - calls from Flash to Javascript weren't working right only when displayed in Mozilla. A simple test with window.parent.doTest() worked in IE, not in Netscape.

It turns out that Mozilla has wrapped the Javascript object model in XPCNativeWrapper as part of a security fix a while back.  Unfortunately, part of the functionality of this wrapper includes hiding any Javascript functions outside of the 'self' container.

So, for Javascript calls to work right in Netscape, they need to only call functions in the self container (i.e. the javascript needs to be in the head for the current iframe.)  If you try to embed the .swf directly in an iframe, it won't be able to call any Javascript. 

Changing out test to self.doTest(), and moving the definition of the doTest function inside of the current iframe's HTML, fixed the problem.  But, we have to change our app a bit - previously the iframe directly included the .swf, and there is no way to make the Javascript available that way.

Maybe this is documented clearly somewhere, and if so, I'd love to know the link so that I can have better docs to review next time I'm stuck.  So far About exchanging data with Flex applications has been useful, but everything else I could find about flash javascript problems just pointed to the allowScriptAccess parameter Adobe added to combat cross site scripting.