
Checking the Firefox bugs on this, it seems they decided to replace the C++ libjxl with a Rust version, which is a WIP, to address security concerns with the implementation. All this started a few months ago.

Maybe the Zen fork is a bit older and still using the C++ one?



... Update: after reading the comments in the Rust migration security bug, I saw they mentioned "only building in nightly for now".

I grabbed the nightly Firefox, flipped the jxl switch, and it does indeed render fine, so I guess the Rust implementation is functioning, just not enabled in stable.

... Also, I see no evidence that it was ever enabled in the stable builds, even for the C++ version, so I'm guessing Zen just turned it on. Which... is fine, but maybe not very cautious.


Zen Browser is pretty much vibe coded.


Do you have any proof/more about this? I've never heard this claim and I'd like to know more.


1. Zen Browser had remote debugging enabled by default and disabled the security prompt for it. Extreme incompetence or malice? https://github.com/zen-browser/desktop/pull/927

2. Social trackers are selectively allowed, unsigned extensions are enabled by default, and Enhanced Tracking Protection isn't fully implemented.

There's just a theme of incompetence, trying to cover it up, and just in general being clueless about security.


Good. Image parsing has produced so many bad RCEs.


Google Chrome is using a Rust implementation. The existence and sufficient maturity of it is the reason they were willing to merge support in the first place.


Hmmm, check the jxl-rs repository. I wouldn’t call it mature. Not to say it’s buggy, but most of its code is very fresh.



