Comment by capitainenemo
19 days ago
Checking the Firefox bugs on this, it seems they decided to replace the C++ libjxl with a rust version which is a WIP, to address security concerns with the implementation. All this started a few months ago.
Maybe the zen fork is a bit older and still using the C++ one?
... update. after reading the comments in the rust migration security bug, I saw they mentioned "only building in nightly for now"
I grabbed the nightly firefox, flipped the jxl switch, and it does indeed render fine, so I guess the rust implementation is functioning, just not enabled in stable.
... also, I see no evidence that it was ever enabled in the stable builds, even for the C++ version, so I'm guessing Zen just turned it on. Which... is fine, but maybe not very cautious.
zen browser is pretty much vibe coded
Do you have any proof/more about this? I've never heard this claim and I'd like to know more
1 reply →
good. image parsing has produced so many bad RCEs.
Google Chrome is using a Rust implementation. The existence and sufficient maturity of it is the reason they were willing to merge support in the first place.
Hmmm, check the jxl-rs repository. I wouldn’t call it mature. Not to say it’s buggy, but most of its code is very fresh.