Lax Crossdomain Policy Puts Yahoo Mail At Risk

Yahoo has made strides in battening down its security in the last 12 months, most publicly with its decision to enable end-to-end encryption for its email service, turn on SSL by default, and encrypt links between its data centers. There are still some darkened corners of its infrastructure,...

Google Chrome 33.0.1750.146之前版本多个安全漏洞

BUGTRAQ ID: 65930 CVECAN ID: CVE-2013-6663,CVE-2013-6664,CVE-2013-6665,CVE-2013-6666,CVE-2013-6667,CVE-2013-6668 Google Chrome是由Google开发的一款Web浏览工具。 Chrome 33.0.1750.146之前版本在实现上存在多个漏洞，成功利用后可使恶意用户绕过某些安全限制并控制用户系统。 1、处理SVG图形时存在释放后重利用错误。 2、语音识别内存在释放后重利用错误。 3、处理软件渲染时存在错误，可导致堆缓冲区溢出。...