Good Q&A on clickjacking:
In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a carjacker takes a car? Well, clickjacking is like that, except that the click is the car.
“Clickjacking” is a stunningly sexy name, but the vulnerability is really just a variant of cross-site scripting. We don’t know how bad it really is, because the details are still being withheld. But the name alone is causing dread.