Mozilla released Firefox 53 update last week, introducing a new browser engine and patching 39 vulnerabilities in the open-source web browser.
The new browser technology in Firefox 53 is known as Project Quantum and is a multipart effort to accelerate and improve the web browsing experience for users. The Project Quantum component included in Firefox 53 is known as the Quantum Compositor, which helps reduce the number of browser crashes due to graphics issues.
With the Quantum Compositor, graphics rendering is now done separately from the main Firefox process. Mozilla’s early testing for the Quantum Compositor found it reduces the number of browser crashes by 10 percent.
In addition to the browser improvements, Mozilla patched 39 security vulnerabilities in the Firefox 53 update. Of those 39 vulnerabilities, Mozilla rated seven of them as critical.
As with nearly all Firefox updates, one of the critical vulnerability updates deals with memory safety bugs.
Among the other critical vulnerabilities patched in Firefox 53, two are use-after-free memory vulnerabilities (CVE-2017-5435 and CVE-2017-5433). Two other critical vulnerabilities are out-of-bounds memory errors (CVE-2017-5436 and CVE-2017-5461), plus a critical buffer overflow issue (CVE-2017-5459) ended up patched.
Beyond the critical issues that Mozilla fixed, it also patched three sandbox escape issues (CVE-2017-5454, CVE-2017-5455 and CVE-2017-5456) in Firefox 53 rated as having high impact. The Firefox sandbox is intended to restrict the ability of a given process to access areas of a system outside of the process sandbox.
Firefox 53 also introduces two new user interface themes. The Compact Light theme provides users with a more compact, smaller user interface using the default Firefox color scheme. The Compact Dark theme also has a compact user interface, but it provides a darker color scheme for night browsing.
A fire raced through the ductwork of a food processing plant in South Los Angeles, eventually burning through the roof and forcing firefighters to fight the flames from outside the structure before gaining control of the blaze.
More than 170 firefighters battled the fire at a food processing plant in the Central-Alameda neighborhood of South Los Angeles last Monday night, until officials declared a knockdown three hours later, just after 11 p.m.
Employees were inside the building when the fire started, but firefighters could not immediately confirm the number of people.
Firefighters got the call shortly after 8 p.m. at 4020 South Compton Ave., according to the Los Angeles Fire Department. The building is a food processing plant called Proportion Foods, which processes ground beef.
Fifteen-foot flames shot up due to an “active gas leak” inside the structure, said LAFD spokeswoman Margaret Stewart.
Two HazMat Task Forces were working to identify the chemicals in and around the structure.
“Some explosions have been heard which are likely propane tanks on forklifts inside the structure,” Stewart said.
Fire officials asked neighbors to close their doors and windows as the fire raged on.
Any workers present evacuated safely. There were no injuries reported in the incident.
Crews remained on scene early Tuesday to monitor hot spots, and were looking to conduct salvage and overhaul operations, Stewart said.
Members of the LAFD’s Arson Unit were also expected to remain on scene to investigate the cause, she said.
More than 400 employees who work at the plant faced an uncertain future Tuesday. Although some saw the fire on the news, others arrived ready to work to find half of the 75,000-square foot plant went up in flames.
An employee safety program worked like clockwork after a dust collector fire broke out in the buffing unit of Zippo Manufacturing Co.’s Bradford, PA, factory last Monday night, prompting the evacuation of the facility, officials said.
Firefighters responded to initial reports of a trash can fire at the facility at 6:30 p.m., finding the fire was contained to the dust collection system.
“The dust collector is on the exterior of the building,” said Mark Paup, president and chief executive of Zippo Manufacturing. “The reason why it originally appeared to be worse, we think, is because so much smoke entered the facility.”
Following the plant’s protocol, employees evacuated the facility during the incident. The factory was clear of smoke after about 90 minutes. After firefighters cleared areas of the plant, employees were able to reenter.
“Damage was contained to the exterior dust collector,” said Paup, explaining that suppression systems in place at the facility helped keep the flames from spreading.
Operations resumed as normal on Tuesday.
“We pride ourselves in ‘safety is number one,’ and it worked tonight,” Paup said.
Paup praised the quick response by employees, who followed protocol for evacuating the building, and the others whose job it is to respond to emergency situations like fires.
“All procedures were followed,” he said. “I’m very, very pleased that everyone is safe.”
“Obviously my first concern is to make sure it is safe before anyone goes back into that facility,” Paup said, adding safety officers made sure the fire department was “totally comfortable before anyone went back in.”
Zippo’s head of operations, safety and manufacturing were at the scene shortly after the call.
“Everyone will be back to work tomorrow,” Paup said. “Operations will be normal.”
While the dust collector was damaged, there are redundancies in place, he added.
“Damage was contained to the exterior dust collector,” he said, noting suppression systems worked exactly as they were supposed to.
“We were assisted by the prompt response of the Bradford Township Fire Department,” Paup said, adding, “they were here within minutes … so quick. They do an amazing job. It really punctuates the importance of having those guys in the community. They did a phenomenal job.”
Zippo manufacturers and sells lighters, pocket knives, money clips, and writing instruments
A conveyor belt fire broke out at a Greenville, TN, asphalt plant Monday night, and the flames ended up extinguished just before they reached a fuel tank, fire officials said.
The fire originated on a conveyor belt in a building at the plant, said Grant Summers, president of the Summers-Taylor asphalt plant.
Firefighters responded to the scene at 9 p.m. Monday, dousing the fire as it neared a 10,000 to 15,000 gallon fuel tank.
“A large volume of fire was rolling up, and I could tell that it was very dark, black smoke, so I didn’t really know what I had,” said Paul Frutiger of the Midway Volunteer Fire Department when he first arrived on the scene. “I kept everybody back until I had an idea what was burning.”
No one was working at the site when the fire broke out and no one suffered an injury in the incident.
“I would say the fire was pretty much controlled within 30 minutes of us arriving on scene,” Lt. Bobby Carter of the Mosheim Volunteer Fire Department told the Sun.
The cause of the fire remains under investigation.
By Gregory Hale
When Mike Broadribb talks about safety, he talks from experience. No, not just the kind of experience you get when you work in the industry for four decades, but the first person living through some serious plant accidents.
When he talks safety, it resonates.
Broadribb, senior principal consultant at BakerRisk, talked about two chilling incidents he was a part of during his talk Tuesday at the AICHE Spring Meeting and 13th Global Congress on Process Safety in San Antonio, TX.
One incident was a case of two fires with a Fluidized Catalytic Cracking Unit. He got a call one Saturday night from the refinery’s operators saying there was a fire from the preheater. Shift workers suspected a furnace tube failure. So, the solution was to isolate the fuel and feed lines on either side of the preheater. The goal was to depressurize the feed line. However, there was a build up of light hydrocarbon in the deodorizer effluent drum that siphoned over the preheater. The boxed in feed lines now over pressurized. The end result was two fires broke out and the control room, where he was working the problem, had flames breaking through. They were finally able to quell the issue. But it was a close call for his life.
The second incident was also with a Fluidized Catalytic Cracking Unit. When the incident occurred, the unit was in the process of starting up. “I had been working long hours and I was under pressure to get this unit started up because everything at the plant depended on this unit running.”
On the last day of the start up, Broadribb was doing a one-man PSSR (pre startup safety review) in addition to doing other tasks and they were getting ready for blank removal.
They were warming up the unit with steam when the workers removing the blank were saying there was too much and they should reduce the amount. They reduced the steam and the blank ended up lifted out. The pipefitter was trying to clean the flange faces when he found one of the riggers collapsed and then Broadribb heard some yelling and screaming so he went out to investigate and it turned out the pipefitter collapsed. As he was running to the scene, which was at least three stories up, an instrument foreman collapsed and fell on Broadribb from the foor above.
At that moment, Broadribb thought there was a gas leak. When rescue workers got to the scene they went up to the sixth floor area where other workers collapsed. They had breathing apparatus gear, but they were not using it. That led to four rescue works collapsing.
They called emergency services and people were running to the scene, some the breathing apparatus and some with not. In all, four people initially suffered injuries and four more rescue workers ended up injured, but all survived.
Case in Point
It turned out a pressure control valve, PCV5, ended up open to flare when it should have been closed while the blank removed. It also turned out a tailgas ended up shut off and it was routing back to the flare. The gas routing back was hydrogen sulfide (H2S), which is a colorless gas with the characteristic foul odor of rotten eggs and is heavier than air, very poisonous, corrosive, flammable and explosive. With the flare venting, it was sending out the H2S and the workers were dropping.
All eight workers ended up overcome by the gas and had to undergo treatment to recover. “We were very lucky,” he said.
A major crisis ended up averted, however, injuries ensued.
Broadribb talked about lessons learned:
• There should be one single competent person in charge of critical tasks
• There should be positive isolation when breaking critical containment
• There should be procedures for infrequent operations (like a startup)
• Share abnormal operations knowledge
• “It’s never happened before” is not a good excuse
• There should be a proper PSSR done and not one done while doing other tasks
• Too much going on for proper control.
“When you are doing a startup, you don’t want non-essential personnel on the site,” Broadribb said.
By Gregory Hale
Sometimes you can reach your goal by starting from nothing and cobbling together thoughts and ideas piece by piece by piece until it makes connections and the result is a final product.
There is no initial vision, but that comes together after working and living through the experience. Kind of a Monday morning quarterback thing.
Other times there is a vision from the top or someone that had an idea and simply says, here is a plan, let’s execute on it and it will help us move forward.
No matter how it comes together, the end result is the mission. When it comes to security, it is amazing how quickly professionals can get mired in the muck of everyday experiences and lose sight of what that mission truly is.
That big picture of every manufacturer is to keep systems up and running, producing product and safeguarding intellectual property and keeping everyone safe. Pretty simple, right?
Security today compared to five years ago – and maybe even a year if you talk to some industry experts – is night and day. Not quite where the industry should be, but further advanced than it was.
“For years we admired the problem. Today, it is not uncommon when you buy a controller there are more secure enhancements,” said Mike Assante, Industrial & Infrastructure Practice ICS/SCADA lead at the SANS Institute, during his keynote at the SANS ICS Security Summit in Orlando, FL, Monday. “Fundamentally, security is being designed into control elements. There are more areas where security has to catch up, but we are getting there. Over time, we saw a combination of skill sets. There is progress.”
The days of only adding security in to a proposal only if you are asked about it are long gone because end users are expecting it to be in the solution.
“More companies are putting it in the safety category,” Assante said.
But in this changing landscape, “it is not a question of progress, but can we keep pace. In a changing landscape, models are changing, we are dynamic. This the main event. More companies are moving toward digital technologies.”
What people used to say was the potential for attacks is now falling in line with real attacks on real critical infrastructure.
Use the most recent attack in the Ukraine as a case in point. In that attack, civilians lost power for just over an hour after a cyber attack against the utility.
“The stakes are growing with expanding attack surfaces,” Assante said. “We understand how exposed we are in the architectures. We have seen a shift in motivations and diversity of attacks. We have always known they were possible now we are seeing them demonstrated. We are seeing attacks that are damaging devices at the firmware level.”
With the Ukraine attacks used as a barometer, Assante said the security industry has to fall back and use the growth and stability of the safety movement as an aid.
“We have done incredible things with safety. We have dealt well with accidents, storms and errors. Now the biggest challenge is in the cyber domain. The complexity and the level of abstraction has been difficult to see. Complexity and abstraction of software is creating a challenge. I think we are up to the challenge.”
One person living that challenge every day is Sanford Rice, SCADA system developer at Atmos Energy Corporation, a gas pipeline company.
Rice, a control engineer by trade and a relative newcomer to security, talked about tips for those new to ICS security: “Don’t panic.”
He also laid out a few basic ideas for starting a security program:
• Start with basics
• Adopt a culture, treat security like safety
• Learn how to talk the talk
“Our mission is to provide information and keep it safe. Our system is designed to be static. Our system does not change, it is simple. We are on the low end of utilization and load.”
What is interesting is Atmos knows security is a big issue and they are not afraid to invest.
“We have implemented more changes in security than we have in operability and usability,” Rice said.
In terms of technology, Rice does not have to go out and reinvent the wheel all the time.
“COTS (commercial off the shelf) can help. We have been successful along the way and found people that can help. We have used IT solutions to make improvements.”
A slipped belt which caused friction resulted in a fire that burned through a conveyor belt Thursday at the nearly dormant Nippon Paper Industries USA mill in Port Angeles, WA.
Mill employees reported the fire near the top of the mill’s cogeneration plant at 7 p.m. Thursday, Port Angeles Fire Department Capt. James Mason said Friday.
There were no injuries in the incident, officials said.
“The monetary damage is negligible,” mill manager Steve Johnson said Friday.
Johnson said the cogeneration plant went offline Thursday night, and operation was to resume Saturday morning after workers repaired the belt.
“We are finalizing our investigation, but the preliminary cause appears to be friction-generated heat caused by belt slipping on the drive pulley,” he said.
The fire department got the call after smoke became visible from the top of the conveyor belt that moves biomass cogeneration boiler fuel to the conical silo at the plant.
The fire department responded with an engine and a 100-foot aerial ladder truck, Mason said.
The fire ended up extinguished with pressurized water containers and a fire extinguisher.
The paper mill, which had employed 105 hourly workers, shut down Jan. 21, but a skeleton maintenance crew is on duty and the cogeneration plant, which produces steam for the mill and electricity for sale, is still in operation.
The mill will close completely at the end of March while its new owner, McKinley Paper Co., a U.S. subsidiary of Mexico-based Bio Pappel, retrofits the facility.
Herb Baez, McKinley’s vice president of operations, said the mill’s cogeneration plant will restart when the mill retools and begins manufacturing recycled containerboard.
The plant, owned by Nippon Paper Industries of Tokyo, produced lightweight paper, newspaper stock and telephone-book paper.
Baez said that once the mill shuts down completely, it may not start up again until spring 2018.
Earlier estimates had put the shutdown at six months to a year.
“It’s looking like it will probably be at least a year,” Baez said, adding a study is underway on the cost of retrofitting the plant.
The plant had two operating paper machines until one shut down in December 2014.
A stuck valve caused the tap water in a small Canadian town to turn pink this week.
The water started running a bright fuchsia color Monday night after a problem at the water treatment plant at Onoway, a town of 1,000 people in Alberta province.
A stuck valve that allowed an excess amount of potassium permanganate into the town’s water distribution center may have been to blame, according to Mayor Dale Krasnow.
Potassium permanganate is a common water-treatment chemical used to remove bad tastes and odors from drinking water — but too much of it can turn water pink or purple.
Experts say it can cause skin burns as well as throat and abdominal pain if it is swallowed.
Krasnow said there was no public health risk but admitted town officials could have “done a better job of communicating what was going on.”
“While it is alarming to see pink water coming from your taps, potassium permanganate is used in normal treatment processes to help remove iron and manganese and residents were never at risk,” he said.
Krasnow said the town was flushing its water distribution system and encouraged residents to run their taps until the water was clear.