From what it looks like, basically full control of the browser by anyone that can manage to I personate the addons.mozilla.org. and that the fix wasn't expected or understood in the sept 4th nightly release. there's probably going to be a bigger investigation of this problem from what I'd expect because of that.