Protecting Yourself From Clickjacking

Posted Jun 13, 2009 by Jason Faulkner  

Clickjacking is one of the newer online threats. If you are not familiar with it, here is an excerpt describing it:

Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. A vulnerability across a variety of browsers and platforms, a clickjacking takes the form of embedded code or script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function.

This is a threat regardless of which browser you use. Thankfully, Firefox users can protect themselves from it with NoScript. The linked article contains an email from the author of NoScript which explains the settings to use to protect yourself.

Basically, using NoScript with user-specified trusted-site protection (the default configuration) protects you against almost all scenarios, but for complete protection you would need to disable all IFRAMEs. Disabling IFRAMEs, however, may cause certain sites to stop working completely.
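Blocking IFRAMEs in the browser is the user's side of the defence; the site's side is to tell browsers the page must not be rendered inside a frame at all. As an added example (not code from the original post or from NoScript), here is a small Python check of the kind a site operator would run against a response's headers to report whether the page can be framed. It assumes the X-Frame-Options header and the Content-Security-Policy frame-ancestors directive, neither of which the post mentions; the sample responses are constructed.

```python
"""Report whether an HTTP response forbids framing of the page.

Added example. It relies on two real browser-enforced headers that the
post above does not mention: X-Frame-Options (DENY / SAMEORIGIN) and the
Content-Security-Policy frame-ancestors directive. When both are present,
browsers that understand frame-ancestors use it and ignore X-Frame-Options.
"""

from dataclasses import dataclass
from typing import List, Mapping, Optional


@dataclass
class FramingVerdict:
    protected: bool   # True if browsers will refuse to embed the page in a frame
    reason: str       # short explanation for the report


def parse_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the lower-cased source list of frame-ancestors, or None if absent.

    Per the CSP spec an empty source list behaves like 'none'.
    """
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [p.lower() for p in parts[1:]]
            return sources or ["'none'"]
    return None


def evaluate_framing(headers: Mapping[str, str]) -> FramingVerdict:
    """Decide whether the response stops the page from being framed."""
    lowered = {name.lower(): value for name, value in headers.items()}

    # CSP frame-ancestors takes precedence over X-Frame-Options.
    csp = lowered.get("content-security-policy")
    if csp is not None:
        sources = parse_frame_ancestors(csp)
        if sources is not None:
            if sources == ["'none'"]:
                return FramingVerdict(True, "CSP frame-ancestors 'none': no site may frame this page")
            # A wildcard or a bare scheme lets any origin on that scheme frame the page.
            if any(s in ("*", "http:", "https:") for s in sources):
                return FramingVerdict(False, "CSP frame-ancestors allows any origin: %s" % " ".join(sources))
            return FramingVerdict(True, "CSP frame-ancestors restricted to: %s" % " ".join(sources))

    xfo = lowered.get("x-frame-options")
    if xfo is None:
        return FramingVerdict(False, "no framing restriction: any site can embed this page in an IFRAME")
    value = xfo.strip().lower()
    if value in ("deny", "sameorigin"):
        return FramingVerdict(True, "X-Frame-Options %s" % value.upper())
    if value.startswith("allow-from"):
        # ALLOW-FROM is obsolete and ignored by current browsers, so it offers no protection.
        return FramingVerdict(False, "X-Frame-Options ALLOW-FROM is obsolete and not enforced")
    return FramingVerdict(False, "unrecognised X-Frame-Options value: %r" % xfo)


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "no-headers": {"Content-Type": "text/html"},
    "xfo-deny": {"X-Frame-Options": "DENY"},
    "xfo-sameorigin": {"x-frame-options": "SAMEORIGIN"},
    "csp-none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp-wildcard-overrides-xfo": {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors *",
    },
    "csp-trusted-list": {"Content-Security-Policy": "frame-ancestors 'self' https://trusted.example"},
}


def check_sample_responses() -> dict:
    """Run the check over every constructed sample and return name -> verdict."""
    return {name: evaluate_framing(hdrs) for name, hdrs in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, verdict in check_sample_responses().items():
        status = "protected  " if verdict.protected else "FRAMEABLE  "
        print("%s %-28s %s" % (status, name, verdict.reason))
```

The "csp-wildcard-overrides-xfo" sample is the case worth remembering: a DENY header does not help if a later CSP deployment opens frame-ancestors up again, because the CSP directive wins.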

IE8 users can heed the following advice:

End-users can mitigate the impact of CSRF attacks by logging out of sensitive websites when not in use, and by browsing in independent InPrivate Browsing sessions. (InPrivate sessions start with an empty cookie jar, so cached cookies cannot be replayed in CSRF attacks.)


2 Responses to “Protecting Yourself From Clickjacking”

  1. John Kirkham says:

    “Clickjacking is one of newer online threats” It isn’t ‘one of the newer’ threats. It was in fact one of the first methods used to dupe net users in the mid nineties.

  2. Ghost|BOFH says:

    Not to mention of course…

    That with Linux, you don’t have to worry about such things, unless they’re clever enough to set it up for a *nix operating system…and of course you run a browser as root…and it can affect Firefox and/or Opera…or Galleon…or…
