If you’ve not heard of “clickjacking” in the context of a web browser, you need to get up to speed.
It’s essentially a malicious site, page or ad that sits over a legitimate site in your browser but is invisible. The “clickjack” occurs when you *think* you are clicking a link on the legit page, but the malicious site has interposed an invisible button *above* the real one. You end up clicking a button that carries a malicious command or script, which could include turning on your microphone or webcam and sending the resulting audio or video to the author of the malicious page.
That’s perhaps over-simplified. Read the summary on Macintouch (not Mac-only) or the longer discussion on Computerworld.
This affects *all* browsers on all platforms (well, all that use a graphical interface; you could switch to Lynx, the text-only browser!). Adobe’s Flash is also vulnerable.
The only good defense at this point is to run Firefox v 3.x with the NoScript extension enabled. The newest version of NoScript (1.8.2.1) now has Clickjacking “ClearClick” protection built in. You ought to be running Firefox as your primary browser anyway—and you should certainly also be using NoScript.
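To make the mechanism concrete, here is a small model of the mismatch described above: the element you see at a point versus the element that actually receives the click there. This is an added example, not code from NoScript or from the sources linked above; the layer model, field names, origins and the 0.1 opacity threshold are all assumptions made for illustration.

```javascript
// Constructed page model: each layer is a rectangle with a stacking order (z),
// an opacity and an origin. All names and values here are hypothetical.
const sampleLayers = [
  { id: "visible-button", origin: "https://legit.example", x: 100, y: 200, w: 120, h: 40, z: 1, opacity: 1 },
  { id: "page-logo", origin: "https://legit.example", x: 0, y: 0, w: 300, h: 80, z: 1, opacity: 1 },
  { id: "hidden-frame", origin: "https://other.example", x: 90, y: 190, w: 200, h: 80, z: 10, opacity: 0 },
];

// Assumed cut-off below which a layer counts as invisible to the user.
const VISIBLE_THRESHOLD = 0.1;

function contains(layer, px, py) {
  return px >= layer.x && px < layer.x + layer.w &&
         py >= layer.y && py < layer.y + layer.h;
}

// All layers under the point, topmost first.
function stackAt(layers, px, py) {
  return layers.filter(l => contains(l, px, py)).sort((a, b) => b.z - a.z);
}

// Compare what the user sees at a point with what receives the click there.
// A fully transparent element still receives mouse events, so the topmost
// layer gets the click even when its opacity is 0.
function inspectClick(layers, px, py) {
  const stack = stackAt(layers, px, py);
  if (stack.length === 0) return { hijacked: false, seen: null, receives: null };
  const receives = stack[0];
  const seen = stack.find(l => l.opacity >= VISIBLE_THRESHOLD) || null;
  // Flag only an invisible receiver from a different origin than the visible
  // element; same-origin transparent overlays are common in legitimate pages.
  const hijacked = receives.opacity < VISIBLE_THRESHOLD &&
                   seen !== null && seen.origin !== receives.origin;
  return { hijacked, seen: seen && seen.id, receives: receives.id };
}

// Check the centre of every visible layer and list the ones whose click
// would be intercepted by an invisible cross-origin layer.
function findHijackedTargets(layers) {
  return layers
    .filter(l => l.opacity >= VISIBLE_THRESHOLD)
    .filter(l => inspectClick(layers, l.x + l.w / 2, l.y + l.h / 2).hijacked)
    .map(l => l.id);
}

console.log(findHijackedTargets(sampleLayers));
```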