Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request from GHSA-q7c2-pgqm-vvw5
GHSA-q7c2-pgqm-vvw5 An exploit was possible which allowed a user to elevate from user to system privileges. This is via installing a malicious add-on to the secure screen. This allowed the user to execute arbitrary code with system permissions. None When NVDA is running in secure mode, such as on a secure screen, the following remote procedure calls are now blocked: - installing an add-on to a secure desktop - opening the config directory on the secure desktop (this does not appear to do anything on the secure desktop) with a self-signed build: - Test STR in GHSA-q7c2-pgqm-vvw5 - Smoke test the sign-in process
- Loading branch information