NoScript, the security add-on for Firefox, has been upgraded to protect against clickjacking.

NoScript blocks scripts in programming languages such as JavaScript and Java from executing on untrusted web pages. The scripts could be used to launch an attack on a PC.

According to Giorgio Maone, an Italian security researcher who wrote and maintains the program, Version of the software will stop clickjacking attacks, which sees users accidentally clicking on malicious, invisible links while browsing the web.

Clickjacking has been known for several years but is drawing attention again after two security researchers, Robert Hansen and Jeremiah Grossman, warned last month of new scenarios that could compromise a person's privacy or even worse, steal money from a bank account.

Unfortunately, clickjacking is possible due to a fundamental design feature in HTML that allows websites to embed content from other web pages, Maone said. Nearly all web browsers are vulnerable to a clickjacking attack.

"It's a very hard thing to fix because it's part of the very fabric of the web and the browser," Maone said.

The embedded content can be invisible but a person can still unknowingly interact with it. A clickjacking attack takes advantage of that by tricking a user into clicking on a button that appears to do some function but actually does something entirely different.

Clickjacking can also be accomplished by manipulating the plug-ins of other applications, such as Adobe's Flash program and Microsoft's Silverlight. For example, researchers in recent days have shown it's possible for a clickjacking attack to turn on a person's web camera and microphone without their knowledge.

Adobe said this week it will issue a patch for Flash by the end of the month.

NEXT PAGE: How website owners can protect their users