<link rel="stylesheet" href="https://addons.cdn.mozilla.net/static/css/legacy/nojs.css?b=8d713eb-55f1ddcc">

Validation Results for cam.xpi

Validated at:

General Tests

0 errors, 0 warnings, 0 notices

Security Tests

0 errors, 0 warnings, 0 notices

Extension Tests

0 errors, 22 warnings, 0 notices

Localization Tests

0 errors, 0 warnings, 0 notices

Compatibility Tests

0 errors, 0 warnings, 0 notices
Add-on passed validation.

General Tests

0 errors, 0 warnings, 0 notices
All tests passed successfully.

Security Tests

0 errors, 0 warnings, 0 notices
All tests passed successfully.

Extension Tests

0 errors, 22 warnings, 0 notices
`setTimeout` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/common/js/jquery-1.7.2.js
422
423
424
if ( !document.body ) {
return setTimeout( jQuery.ready, 1 );
}
`setTimeout` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/common/js/jquery-1.7.2.js
454
455
456
// Handle it asynchronously to allow scripts the opportunity to delay ready
return setTimeout( jQuery.ready, 1 );
}
Access to the `Function` global

Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.

Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.

high

Suggestions for passing automated signing:

Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.

resources/cam/data/common/js/jquery-1.7.2.js
572
573
574
return ( new Function( "return " + data ) )();
Access to the `eval` global

Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.

Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.

high

Suggestions for passing automated signing:

Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.

resources/cam/data/common/js/jquery-1.7.2.js
613
614
615
( window.execScript || function( data ) {
window[ "eval" ].call( window, data );
} )( data );
`setTimeout` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/common/js/jquery-1.7.2.js
972
973
974
} catch(e) {
setTimeout( doScrollCheck, 1 );
return;
`setTimeout` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/common/js/jquery-1.7.2.js
2167
2168
2169
return this.queue( type, function( next, hooks ) {
var timeout = setTimeout( next, time );
hooks.stop = function() {
createElement() used to create script tag

Warning: Dynamic creation of script nodes can be unsafe if contents are not static or are otherwise unsafe, or if `src` is remote.

medium

Suggestions for passing automated signing:

Please avoid using <script> tags to load scripts. For potential alternatives, please see https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_D:_Loading_Scripts

resources/cam/data/common/js/jquery-1.7.2.js
8088
8089
8090
script = document.createElement( "script" );
`setTimeout` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/common/js/jquery-1.7.2.js
8692
8693
8694
function createFxNow() {
setTimeout( clearFxNow, 0 );
return ( fxNow = jQuery.now() );
`setInterval` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/common/js/jquery-1.7.2.js
8833
8834
8835
if ( t() && jQuery.timers.push(t) && !timerId ) {
timerId = setInterval( fx.tick, fx.interval );
}
`setTimeout` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/js/jquery-1.7.2.min.js
1
2
3
/*! jQuery v1.7.2 jquery.com | jquery.org/license */
... ,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.Acti ...
a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a. ...
`setTimeout` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/js/jquery-1.7.2.min.js
1
2
3
/*! jQuery v1.7.2 jquery.com | jquery.org/license */
... on J(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(J,1);return}e.ready()}}var e=function(a,b){return new e.fn. ...
a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a. ...
`setTimeout` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/js/jquery-1.7.2.min.js
1
2
3
/*! jQuery v1.7.2 jquery.com | jquery.org/license */
... n(a){if(a===!0&&!--e.readyWait||a!==!0&&!e.isReady){if(!c.body)return setTimeout(e.ready,1);e.isReady=!0;if(a!==!0&&--e.readyWait>0)return;A ...
a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a. ...
`setTimeout` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/js/jquery-1.7.2.min.js
1
2
3
/*! jQuery v1.7.2 jquery.com | jquery.org/license */
... (!A){A=e.Callbacks("once memory");if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMCon ...
a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a. ...
Access to the `Function` global

Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.

Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.

high

Suggestions for passing automated signing:

Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.

resources/cam/data/js/jquery-1.7.2.min.js
1
2
3
/*! jQuery v1.7.2 jquery.com | jquery.org/license */
... );if(n.test(b.replace(o,"@").replace(p,"]").replace(q,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:functio ...
a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a. ...
`setTimeout` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/js/jquery-1.7.2.min.js
1
2
3
/*! jQuery v1.7.2 jquery.com | jquery.org/license */
... f.fx.speeds[a]||a:a,b=b||"fx";return this.queue(b,function(b,c){var d=setTimeout(b,a);c.stop=function(){clearTimeout(d)}})},clearQueue:funct ...
a){var b=F.exec(a);b&&(b[1]=(b[1]||"").toLowerCase(),b[3]=b[3]&&new RegExp("(?:^|\\s)"+b[3]+"(?:\\s|$)"));return b},H=function(a,b){var c=a. ...
createElement() used to create script tag

Warning: Dynamic creation of script nodes can be unsafe if contents are not static or are otherwise unsafe, or if `src` is remote.

medium

Suggestions for passing automated signing:

Please avoid using <script> tags to load scripts. For potential alternatives, please see https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_D:_Loading_Scripts

resources/cam/data/js/jquery-1.7.2.min.js
3
4
... his[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f
... tsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset= ...
`setInterval` called in potentially dangerous manner

Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.

high

Suggestions for passing automated signing:

Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.

resources/cam/data/js/jquery-1.7.2.min.js
3
4
... his[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f
... _data(e.elem,"fxshow"+e.prop,e.end))},h()&&f.timers.push(h)&&!co&&(co=setInterval(g.tick,g.interval))},show:function(){var a=f._data(this.el ...
Access to the `Function` global

Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.

Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.

high

Suggestions for passing automated signing:

Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.

bootstrap.js
32
33
34
const bind = Function.call.bind(Function.bind);
Access to the `Function` global

Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.

Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.

high

Suggestions for passing automated signing:

Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.

bootstrap.js
32
33
34
const bind = Function.call.bind(Function.bind);
Access to the `Function` global

Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.

Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.

high

Suggestions for passing automated signing:

Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.

bootstrap.js
32
33
34
const bind = Function.call.bind(Function.bind);
Reference to critical user profile data

Warning: Critical files in the user profile should not be directly accessed by add-ons. In many cases, an equivalent API is available and should be used instead.

low

Suggestions for passing automated signing:

Please avoid touching files in the user profile which do not belong to your add-on. If the effects that you are trying to achieve cannot be replicated with a built-in API, we strongly encourage you to remove this functionality.

bootstrap.js
253
254
255
main: main,
prefsURI: rootURI + 'defaults/preferences/prefs.js'
});
Access to the `eval` global

Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.

Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.

high

Suggestions for passing automated signing:

Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.

resources/cam/data/common/js/jquery-ui-1.8.21.custom.js
7161
7162
7163
try {
inlineSettings[attrName] = eval(attrValue);
} catch (err) {

Localization Tests

0 errors, 0 warnings, 0 notices
All tests passed successfully.

Compatibility Tests

0 errors, 0 warnings, 0 notices
All tests passed successfully.