Thrawn wrote:@access2godzilla: Clickjacking can indeed be a security problem. What if, instead of the Facebook Like button, the spammer tricked you into clicking an Amazon Buy it Now button? Or the Flash configuration page, enabling a site to use your microphone and webcam?
As I said, everything is theoritically possible, but in practical life: not so much. I've never bought things from Amazon, but I assume that the attacker is going to have a hard time pulling it off, since it would possibly involve:
Amazon example:
1. Clickjacking the the buy now and the make payment buttons (easy, though the attacker would likely have to make some kind of a mouse-operated action game or something similar)
2. Somehow make me acutally make the payment, detect my payment processor, enter my credit card details and make me pay.
Flash player config page:
The system settings always overrides the settings of the online settings page for versions >= 10.3 : https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html#124401