A vulnerability hole on android firefox sync

I logged in on Firefox android app. It asked for code sent to email, I DID NOT enter it. But later when I came back to app it was logged in and had synced data.
Version: 97.3.0

Update: Now that I reboot phone it is logged out from firefox sync and wiped synced passwords from device. Definitely a bug