When deleting the account by this link https://addons.mozilla.org/en-US/firefox/users/delete The application didn't ask for password but asks for email which is in placeholder attribute so if the user left his account someone could delete his account easily. Solution: add confirming with password. Best, Muhammad Nasef (C4U53)
As we recently migrated to Firefox Accounts, addons.mozilla.org does not store passwords any longer. We cannot ask for confirmation using your password because we don't have it anymore.
But this will cause the same problem in Firefox Accounts ! Because If the account was deleted from the addons then It'll be deleted from Firefox Accounts. So can't you use sort of verification which redirect user o firefox accounts which confirm deleting by password ?
If Firefox Accounts ask for password in deleting account but addons doesn't then there is need for this in firefox accounts because the attacker could use addons to delete Firefox accounts.
Deleting your account on addons.mozilla.org does not delete it from Firefox Accounts.
(In reply to Mark Striemer [:mstriemer] from comment #4) > Deleting your account on addons.mozilla.org does not delete it from Firefox > Accounts. Excuse me but at the end the attacker could delete the addons account of the victim so there is a lot of solutions you could implement in this case.