On Tuesday, May 31, 2011 04:52:02 PM Graeme Gill wrote:
> Alastair M. Robinson wrote:
> > It's very useful if you want to use a LUT profile (say you want to use
> > gamut-mapping on an LCD with poor blacks) but also want Firefox to be
> > colour-managed.
> I'm wondering what would happen if someone submitted a patch
> to Firefox that fixes their ICC problems by restoring lcms(2).
> Is there any way of fighting the bogus claims that lcms is insecure ?
> Graeme Gill.

If I remember correctly the supposed lcms security issue was the original 
reason that was floated for not using lcms in Firefox but later there were 
claims that there were also performance issues with lcms.  I know on my system 
I didn't notice that the versions that used lcms were slower than the 
subsequent versions that did not but perhaps this was noticeable on lower end 

I suspect that they would resist "regressing" back to using lcms.  But lcms2 
is faster than lcms1 and the "security issue" in lcms1 was fixed within hours 
of being reported and there are absolutely no reports of the "security issue" 
being exploited.  So it was more or less a non-issue.

I don't think it would be difficult to write a patch to revert Firefox to lcms2.  
I think it would put a lot of pressure on them if they had an open bug report 
about the problems with their internal CM stuff with a patch that fixed it by 
using lcms2 to either accept the patch and revert to lcms2 or actually fix 
their own code.

