Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-11-12T20:00:00Z

Updated: 2024-09-17T03:32:33.946Z

Reserved: 2013-09-11T00:00:00Z

Link: CVE-2013-5726

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-11-12T20:55:04.483

Modified: 2024-11-21T01:58:01.417

Link: CVE-2013-5726

cve-icon Redhat

No data.