Tavis Ormandy discovered that the browser extension installed as part of Gnome Shell (libgnome-shell-browser-plugin.so) would install Gnome Shell extensions without authorization from the user running the browser. While the Gnome Shell extension installer does not install these extensions directly, it does pass them to Gnome Shell via D-BUS, which then in turn installs the extension from extensions.gnome.org. If a malicious user were to upload a malicious extensions to extensions.gnome.org and coerce a user into visiting a site where the extension installer would request that application's installation, the extension would be installed without the victim's knowledge.
The initial report was here: http://www.openwall.com/lists/oss-security/2012/09/08/1
Created gnome-shell tracking bugs for this issue Affects: fedora-all [bug 858036]
Upstream bug report: https://bugzilla.gnome.org/show_bug.cgi?id=684215
I think this is not a problem anymore, since browser behaviour has changed. See discussion in the upstream bug