6819_4_4_1_9

Clickjacking Attack against Authorization

With clickjacking, a malicious site loads the target site in a transparent iframe overlaid on a set of dummy buttons, each positioned directly under an important button on the target site. When a user clicks a visible button, they are actually clicking a button (such as an 'Authorize' button) on the hidden page.

OAuth 2.0 Threat Model and Security Considerations (RFC 6819, section 4.4.1.9)

Mitigations

This threat is considered fully mitigated if all the test cases from one of the following test sets succeed.

The impact factor is a measure that indicates how important a given countermeasure is towards mitigating a threat.
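RFC 6819 section 4.4.1.9 names the X-Frame-Options response header as a countermeasure for the authorization page; the CSP `frame-ancestors` directive is its later standard equivalent. The following is an added example, not one of this page's test cases, that classifies the anti-framing protection in an authorization endpoint's response headers. The function names and sample headers are constructed, and reporting conflicting X-Frame-Options values as unprotected is a conservative choice made for this checker.

```python
# Added example: classify anti-framing headers on an authorization page.
STRICTNESS = ["unprotected", "allowlist", "sameorigin", "deny"]


def _frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def _classify_sources(sources):
    if not sources or sources == ["'none'"]:
        return "deny"                      # empty list matches no ancestor
    if any(s == "*" or s.endswith(":") for s in sources):
        return "unprotected"               # wildcard or bare scheme (https:)
    if sources == ["'self'"]:
        return "sameorigin"
    return "allowlist"


def framing_policy(headers):
    """headers: iterable of (name, value) pairs from the HTTP response."""
    csp_lists, xfo = [], set()
    for name, value in headers:
        name = name.strip().lower()
        if name == "content-security-policy":   # Report-Only never enforces
            sources = _frame_ancestors(value)
            if sources is not None:
                csp_lists.append(sources)
        elif name == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
    if csp_lists:
        # An enforced frame-ancestors makes browsers ignore X-Frame-Options;
        # with several policies every one must allow, so the strictest wins.
        return max(map(_classify_sources, csp_lists), key=STRICTNESS.index)
    if xfo == {"DENY"}:
        return "deny"
    if xfo == {"SAMEORIGIN"}:
        return "sameorigin"
    return "unprotected"  # missing, conflicting, or obsolete ALLOW-FROM


if __name__ == "__main__":
    # Constructed sample responses, not captured from any real server.
    print(framing_policy([("X-Frame-Options", "DENY")]))
    print(framing_policy([("X-Frame-Options", "ALLOW-FROM https://rp.example")]))
    print(framing_policy([("Content-Security-Policy", "frame-ancestors 'self'")]))
```

A result of `unprotected` or an unexpectedly broad `allowlist` on the page that renders the 'Authorize' button is the condition to flag.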
