Double-confirmation on email change
Problem:
The email address associated with the account, which is also the address used for password resets, can be changed without requiring validation from the old email address.
Threat:
An attacker with control over the victim's browser can change the victim's email address to their own instantly, then take over the account through the "password forgotten" feature.
Possible mitigation:
When the account's email address is changed, a verification link should be sent to the old address so that the owner can validate the change before it takes effect.
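One way to implement this, as an added example that is not code from the original report: the new address is only staged, a single-use token is mailed to the address currently on file, and password-reset mail keeps going to the confirmed address until that token is presented. The AccountService/Account names, the in-memory outbox standing in for SMTP and the one-hour token lifetime are assumptions.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class Account:
    email: str                          # confirmed address; password-reset mail goes here
    pending_email: Optional[str] = None # staged change, not yet effective
    token_hash: Optional[str] = None    # sha256 of the confirmation token, never the token itself
    token_expires: float = 0.0

class AccountService:
    """Email change is staged until the OLD address confirms it (assumed design)."""
    def __init__(self, ttl_seconds: int = 3600):
        self.accounts: Dict[str, Account] = {}
        self.outbox: List[Tuple[str, str]] = []  # (recipient, message); stands in for SMTP
        self.ttl = ttl_seconds

    def request_email_change(self, user_id: str, new_email: str, now: Optional[float] = None) -> None:
        acct = self.accounts[user_id]
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        acct.pending_email = new_email
        acct.token_hash = hashlib.sha256(token.encode()).hexdigest()
        acct.token_expires = now + self.ttl
        # The confirmation link goes to the address currently on file, not to the new one,
        # so whoever controls the session cannot complete the change on their own.
        self.outbox.append((acct.email, f"confirm-email-change?token={token}"))

    def confirm_email_change(self, user_id: str, token: str, now: Optional[float] = None) -> bool:
        acct = self.accounts[user_id]
        now = time.time() if now is None else now
        if acct.token_hash is None or acct.pending_email is None or now > acct.token_expires:
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        if not secrets.compare_digest(presented, acct.token_hash):  # constant-time compare
            return False
        acct.email, acct.pending_email = acct.pending_email, None
        acct.token_hash, acct.token_expires = None, 0.0            # token is single use
        return True

    def password_reset_target(self, user_id: str) -> str:
        """Reset mail always targets the confirmed address, never the staged one."""
        return self.accounts[user_id].email
```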
Edited by Dan Jensen