Here's a nice video demonstraction of how clickjacking can be used to exploit what would otherwise be an unexploitable cross-site scripting vulnerability:
For further details on the mechanics of this attack, check out Krzysztof Kotowicz's blog post, where he notes the only winning move is not to play.