11 07 2011
Fancy Clickjacking, Tougher NoScript
Posted by: Giorgio in Clickjacking, Mozilla, Security, NoScript

Last week a couple of interesting and novel Clickjacking techniques were published:
- Cross-domain content extraction via framed view-source
- Double-clickjacking (or, as I prefer to call it, Rapid fire cross-site interaction)
Both involve a tiny amount of social engineering (#2 requires JavaScript, too), but as you can see they are totally feasible.
Needless to say, recent NoScript versions neutralize them whether or not JavaScript is enabled, thanks to specific enhancements in NoScript's unique anti-Clickjacking protection module, ClearClick.