Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform undesired actions, as demonstrated via the tweetbot:///follow/ URL.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:14:55
Updated: 2022-10-03T16:14:55
Reserved: 2022-10-03T00:00:00
Link: CVE-2013-5726
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-11-12T20:55:04.483
Modified: 2013-11-13T15:49:23.230
Link: CVE-2013-5726
JSON object: View
Redhat Information
No data.
CWE