The newest version of Firefox 3.6.9 now supports the X-Frame-Options HTTP response header to prevent clickjacking attacks.
Web site owners can configure their Web servers to send a special header that tells the browser to not embed the page inside another Web site’s content.
“When an attempt is made to load content into a frame, and permission is denied by the X-Frame-Options header, Firefox currently renders about:blank into the frame. At some point, an error message of some kind will be displayed in the frame instead,” according to the Mozilla document on X-Frame-Options response header.
In June, several hundred thousand Facebook users fell victim to a clickjacking attack.