Re. "Potential clickjacking" alert

[kukla]

Thanks, "a picture is worth...." Now I understand what "clicking on the image below" means. I had no idea "image" was referring to the slender, white, horizontal space (in this case) that I took to be a search field inside the alert. That's what was so misleading.

My pop up resembles the second set from that linked thread. When I click on that empty space I see three of the buttons from the page I'm on in that site (one of which I clicked on originally to produce the pop up) with its frame edge turned red, while the previous, but empty "image" was, indeed, green.

I understand Giorgio has analyzed this and found nothing malicious, but what would I have been able to tell on my own by comparing the empty (green) frame to the clicked, red one with those three buttons displayed? There is, indeed, a significant difference between the two, and I don't understand, to begin with, why the first, green one should be empty, i.e. does not appear to be an image.

I took screen shots (.png) which I tried to drag into the reply, but that didn't work. Perhaps you can explain how to do that, if it's possible.

(BTW is there any way to block these annoying junk ads masquerading as posts? Seems ironic that a forum dedicated to a program that blocks offensive junk is occasionally littered with these. I guess it's because there's no registration required and you just knock them off when you get them; however, I've never seen them on the no registration Firefox support forum.)

[therube]

Upload the images to a place like http://www.tinypic.com/, then post the [IMG] links here.

[kukla]

Thanks. For now I hope my description will suffice. If you think it's absolutely necessary, I will, but I'm reluctant to register for yet another site. The situation is really quite similar to that second set of screen shots in that thread you linked.

[therube]

I'm reluctant to register for yet another site

Me too. Yet you don't (necessarily) have to register to use tinypic's services.

[kukla]

Empty one is first.

[kukla]

Even though Giorgio has analyzed the warning I received for this page based on the report and found nothing malicious, can someone please tell me how I'd go about interpreting the above screenshots of the alert, myself, since the frame is empty in the first, green one; therefore, nothing to which to compare the image in the second, red frame. I don't understand the meaning of the empty frame. I'd like to know in case this happens sometime again with another site. Thanks.

[Giorgio Maone]

Even though Giorgio has analyzed the warning I received for this page based on the report and found nothing malicious

In the report I analyzed both images were present, and they just differed for a subpixel shift.
The dialogs you're reporting here now are different, because one of the two images is blank.
This may happen when the page isn't fully loaded yet, and therefore one screenshot comes blank (no data yet) and the other show something (because in the meanwhile the data has been loaded).
Just a guess, since I still can't reproduce the warning

As a rule of thumbs, though, you can judge the "malevolent" intent by comparing the two images and seeing if the hidden one was something you did not want to click in that context (e.g. a "Pay Now" button).

[kukla]

Thanks. I just went back and tried the site again and this time the first frame was no longer empty. It did display those buttons you see in the second one. Earlier one must have been a fluke. Cycling back and forth showed the two, as you said, a little offset. I'm on a CRT - no pixels involved - and the difference was quite clear to my eye, no loupe needed. It jumped, maybe, 3 or 4 mm.

Thanks for the help on this and your work. Will be donating.