Recently, "researchers" Robert Hansen and Jeremiah Grossman, unveiled the newest weapon in a Hacker's arsenal- Clickjacking.
Clickjacking is where an attacker can control the links your browser visits. Now as usual, there's an upside and a downside to this attack. The good news is that if you use a script filter, such as the add-on for Firefox called No Script, then there's a good chance you can prevent the attack from being successfully used on you. Now several bits of bad news.
First, the attack can be used via any browser. Yes, that includes Firefox 3 & Internet Explorer 7. The only known browser exception is lynx.
It is also worth mentioning that this is a considered a 0(zero)-day vulnerability. 0-day vulnerabilities are exploits which have no patch; they weren't even discovered (by the "good guys") until recently. This means that there are NO defenses for this attack. As mentioned before, the only quasi-defense is to use a script-diabling program.
For more in-depth examples, Tod Beardsley from BreakingPoint has posted a few proof-of-concept exploits with speculation around clickjacking.