Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2013-11-12T20:00:00Z
Updated: 2024-09-17T03:32:33.946Z
Reserved: 2013-09-11T00:00:00Z
Link: CVE-2013-5726
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-11-12T20:55:04.483
Modified: 2024-11-21T01:58:01.417
Link: CVE-2013-5726
Redhat
No data.