The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.
www.openwall.com/lists/oss-security/2012/09/08/1
www.openwall.com/lists/oss-security/2012/09/13/19
www.openwall.com/lists/oss-security/2012/09/13/26
www.openwall.com/lists/oss-security/2012/09/18/3
www.securityfocus.com/bid/55556
bugzilla.gnome.org/show_bug.cgi?id=684215
bugzilla.novell.com/show_bug.cgi?id=779473