Security News > 2023 > June > Firefox 114 is out: No 0-days, but one fascinating “teachable moment” bug
Clickjacking, very simply put, is where an attacker lures you to a part of the screen that looks safe to click on, and tricks you into clicking your mouse or tapping your finger on the spot marked X. only to have your click sent to a component in the web page that you definitely wouldn't have clicked on if only you'd known where your click was really going.
Serve up content as a lure, showing a button or something of that sort that you'd be likely to see and want to click on.
Then looking away when we shouldn't have, and accidentally clicking on the very location where some other urgent dialog had popped up that we hadn't noticed, such as approving an immediate and lengthy reboot to apply updates instead. With the right timing.
If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error, and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed.
With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site.
In other words, clicks from a previous, innocent-looking page no longer get delayed or left over for long enough to make it into an all-important security dialog that needs genuine attention before accepting your input.