‘Click Jacking’ is the latest browser-based security problem. Since it’s entirely browser based, it affects everyone, regardless of their operating system. This is a cross-browser problem and also affects Flash. It’s very simple to understand how it works. The basic purpose of clickjacking is to trick people into clicking on something the attacker wants them to click on but that they do not want to click on.

This attack uses CSS and iframes to place invisible content over visible buttons or links. Imagine your webcam and mic being turned on by a click on some website, with the attacker spying on you through your own mic and webcam. Since the attack runs in your browser, the attacker has access to anything you’re logged in to. They could hijack your clicks to reprogram your router, mess with your Facebook profile, or interact with your online banking! The only slight silver lining is that attacks are limited to things that can be done by clicking.
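
The overlay described above can be spotted by checking a page for iframes that are transparent yet still receive clicks and sit on top of a button or link. The following is an added example, not code from the original post; the record fields (`rect`, `opacity`, `zIndex` and so on), the sample URLs and the 0.1 opacity threshold are assumptions, and the `zIndex` comparison assumes all elements share one stacking context.

```javascript
// Added example: flag transparent iframes stacked over clickable elements.
// In a browser each record would be built from element.getBoundingClientRect()
// and getComputedStyle(element); here the snapshot is constructed sample data.

// True when two rectangles {left, top, width, height} share any area.
function overlaps(a, b) {
  return a.left < b.left + b.width && b.left < a.left + a.width &&
         a.top < b.top + b.height && b.top < a.top + a.height;
}

// An element the user cannot see but that still receives clicks.
function isHiddenButClickable(el, opacityThreshold) {
  if (el.pointerEvents === 'none') return false; // clicks pass through it
  if (el.display === 'none' || el.visibility === 'hidden') return false; // not clickable
  return el.opacity <= opacityThreshold;
}

// Returns one finding per (invisible iframe, covered button/link) pair.
function findClickjackOverlays(elements, opacityThreshold = 0.1) {
  const frames = elements.filter(
    e => e.tag === 'iframe' && isHiddenButClickable(e, opacityThreshold));
  const targets = elements.filter(e => e.tag === 'button' || e.tag === 'a');
  const findings = [];
  for (const f of frames) {
    for (const t of targets) {
      if (f.zIndex > t.zIndex && overlaps(f.rect, t.rect)) {
        findings.push({ frame: f.id, covers: t.id, src: f.src });
      }
    }
  }
  return findings;
}

// Constructed snapshot: one transparent overlay, one ordinary embed, one
// transparent frame that ignores clicks, and a link outside the overlay.
const shown = { display: 'block', visibility: 'visible', pointerEvents: 'auto' };
const snapshot = [
  { id: 'play-btn', tag: 'button', zIndex: 1, opacity: 1, ...shown,
    rect: { left: 100, top: 200, width: 120, height: 40 } },
  { id: 'help-link', tag: 'a', zIndex: 1, opacity: 1, ...shown,
    rect: { left: 600, top: 20, width: 80, height: 20 } },
  { id: 'overlay', tag: 'iframe', src: 'https://other-site.example/settings',
    zIndex: 10, opacity: 0, ...shown,
    rect: { left: 90, top: 190, width: 300, height: 200 } },
  { id: 'video', tag: 'iframe', src: 'https://video.example/embed',
    zIndex: 5, opacity: 1, ...shown,
    rect: { left: 100, top: 200, width: 400, height: 300 } },
  { id: 'pixel', tag: 'iframe', src: 'https://stats.example/p', zIndex: 10,
    opacity: 0, ...shown, pointerEvents: 'none',
    rect: { left: 100, top: 200, width: 10, height: 10 } },
];
console.log(findClickjackOverlays(snapshot));
```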

Regarding protection against the hack, the only authenticated solution is NoScript, which is a browser plugin for Firefox. You have to configure its settings so that it provides protection against IFRAME. Just open the NoScript options and, in the “Plugins” tab, click “Forbid “. This will do the job.