Clickjacking: IE8 & Chrome
First Microsoft touts clickjacking protections in Internet Explorer 8, then a security researcher releases a proof of concept for a clickjacking attack targeting the Google Chrome Web browser. Clickjacking, some say, remains an issue that will require cooperation in the security community.
And IE8 might not be as bullet proof as MS would have you think?
If you use FF 3.0.5 and NoScript you can set NS to mitigate against this.
Grossman suggested browser vendors consider bundling in the NoScript Firefox plug-in by default.
"NoScript has powerful security features that can prevent clickjacking as well as many other Web-based attacks, which also allows users to tune their own level of desired security," he added. "For Internet Explorer, Opera, Google Chrome, etc., they should embed similar features and functionality in their products."