The attack starts with a malicious web page that may have some unintended consequences. Objects embedded in the page may capture mouse clicks and direct them to a hidden target. Hijacked clicks from users may be used in many ways, including deleting mail, advertisement click fraud, or other, more sinister actions. A demo page demonstrating one possible variation (reads images from a webcam without knowledge of the user) can be seen at the following URL:
Unfortunately, there is no quick and easy fix. Firefox users using the NoScript plugin will thwart the majority of these attacks (make sure you are using version 220.127.116.11 or later!). We will continue to monitor this vulnerability and provide an update when more information is available.