[ UPDATE: See e-mail from NoScript creator Giorgio Maone on a possible mitigation ]
Researchers are beginning to raise an alarm for what looks like a scary new browser exploit/threat affecting all the major desktop platforms -- Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash.
The threat, called Clickjacking, was to be discussed at the OWASP NYC AppSec 2008 Conference but, at the request of Adobe and other affected vendors, the talk was nixed until a comprehensive fix is ready.
So, what exactly is Clickjacking?
If that's not scary enough, consider than the average end user would have no idea what's going on during a Clickjack attack.
According to Hansen, the threat scenario was discussed with both Microsoft and Mozilla and they concur independently that this is a tough problem with no easy solution at the moment.
Grossman confirmed that the latest versions of Internet Explorer (including version 8) and Firefox 3 are affected.
- In the meantime, the only fix is to disable browser scripting and plugins. We realize this doesn't give people much technical detail to go on, but it's the best we can do right now.