2015 Product Catalog

Total Page:16

File Type:pdf, Size:1020Kb

2015 Product Catalog

EYE, HEAD & FACE PROTECTION
• Protective Eyewear
• Equipment & Lens Cleaning Stations
• Germicidal Monitor Cabinet
• Spill Control Station
• Protective Goggles
• Protective Mini Goggles
• Protective ArcFlash Faceshields
• Protective Faceshields
• Hard Hats
• Adapters & Accessories

GENERAL SAFETY
• Hearing Protection
• Knee Pads

WELDING PROTECTION
• Welding Helmets
• Specialty Welding Helmets
• Adapters & Accessories
• Auto-Darkening Filters
• Filter/Cover Plates
• General Information & Shade Selection Chart
• Welding Goggles
• FM Approved Welding Fabrics
• High Temp Fabric & Blankets
• Cepro Welding Curtains, Screens & Tent
• Welding Curtains & Screens
• Portable Welding Screen

EMERGENCY FIRE BLANKETS
• Emergency Fire & Welding Blankets
• Emergency Fire Blanket Cabinets

EYE/FACE WASH & SHOWERS
• Emergency Eyewash General Information
• Portable & Personal Eyewash Units
• Faucet Mounted & Drench Hose Units
• Mounted Eye & Face Wash Units
• Emergency Drench Shower Units
• Emergency Shower Units & Stations

FALL PROTECTION
RTC® Fall Protection is a trademark of Sellstrom Manufacturing Company. RTC® offers a full line of fall protection and engineered systems, all extensively tested to meet or exceed all mandated safety requirements.
• RTC® Fall Protection

Family Owned for Over 90 Years

Sellstrom Manufacturing Company, located in Schaumburg, Illinois, has been a family owned leading manufacturer of personal safety equipment for 90 years. The original company, established in 1923 as Excell Sales Company, was located on North Clark Street in Chicago. G.E. Sellstrom (shown right) and his wife, Ellen, were the founders. In the beginning, the principal product manufactured was a green "eyeshade" that reduced glare both indoors and outdoors. Early customers were barbers, office workers and picnickers.

Over the years, other products followed and the Company began to manufacture a full line of sunglasses, motorcycle goggles and lenses for taillights, flashlights and more. During World War II, Sellstrom's total product line went toward the war effort in developing welding helmets, faceshields, welding goggles and more. In 1997, Sellstrom acquired RTC Fall Protection. For over 30 years, RTC & RTC Custom Solutions has been providing high quality, turnkey custom solutions for customers. The founder of RTC (Research Trading Corporation) was one of the original fall protection pioneers and virtually invented the concept of Safety Engineering and introduced a scientific orientation to understanding the influence of mechanic forces on personal safety.

Sellstrom Manufacturing Company has grown to be one of the foremost family held personal protective manufacturers in the nation. Sellstrom is committed to providing their customers high quality products and the best service, all at competitive prices. In June 2012, Sellstrom moved to their new, state-of-the-art facility in Schaumburg, Illinois and continues to grow.

How to Order

Leading distributors throughout the world stock and sell Sellstrom products. For information on your nearest Sellstrom distributor, call SMC/RTC Customer Service Department at 1.800.323.7402 or 1.847.358.2000 or email [email protected].

Sellstrom Manufacturing is proudly affiliated with:
• ARA American Rental Association
• ASSE American Society of Safety Engineers
• AWS American Welding Society
• DPA Distributor Partners of America
• GAWDA Gases & Welding Distributor Association
• IDC Independent Distributor Cooperative
• ISEA International Safety Equipment Association
• ISMA Industry Supply Manufacturers Association
• IWDC Independent Welding Distributors Cooperative
• NSC National Safety Council
• SEDA Safety Equipment Distributors Association
• SMG Safety Marketing Group
• STAFDA Specialty Tools & Fasteners Distributors Association

G.E. Sellstrom (center) with his son Roger Sellstrom (left) and V.P. of Sales, Vern Clauson (right) at a Sales Meeting in Palatine, Illinois in 1962.

Certified to ISO 9001:2008

Sellstrom Manufacturing Company has been a leader in protecting the world's workforce since 1923. Maintaining that leadership position necessarily entails continuous attention to improving processes in all areas of the Company. Sellstrom developed a quality management system, to ensure that manufacturing procedures and product quality were constantly advancing.

Meeting the requirements for ISO 9001:2008 certification—which Sellstrom achieved as a continuation of ISO 9001:2000 in 2000—was largely a matter of training employees in ISO procedures and modifying the existing system to conform to the most current ISO standards.

The ISO 9001:2008 certification from ABS Quality Evaluations (an ISO registrar) serves as an impartial appraisal of Sellstrom's quality management system. This achievement affirms Sellstrom's conformance with the standards set forth by the International Organization for Standardization, and acknowledges the Sellstrom commitment to meeting the needs and requirements of its customers in the global marketplace.

ISO certification requires ongoing evaluation. ABS Quality Evaluations continues to review Sellstrom Manufacturing Company on a semi-annual basis to ensure that the quality systems are maintained. Every aspect of our business—including product development and design, production, testing and quality control, packaging, shipping, customer interaction and customer satisfaction—is closely monitored to ensure conformity with ISO standards. Our continued compliance assures that we will provide the highest-quality products and services possible.

Standards, Marks and Certifications

Sellstrom products meet rigorous standards for quality and safety performance. The American National Standards Institute (ANSI) and the Occupational Safety and Health Act (OSHA) are currently the popular twin criteria impacting American industrial safety. Sellstrom products, with such exceptions as noted, are developed and tested to meet the requirements of these standards as well as several other standards or certifications listed below. Product specifications are subject to change without notice.

• ANSI American National Standards Institute. Information about ANSI standards can be found at www.ansi.org
• ASTM ASTM International. Information about ASTM standards can be found at www.astm.org
• CE Conformance European (Communauté Européenne or Conformité Européenne). Information about CE standards can be found at ulstal.com
• CSA Canadian Standards Association. Information about CSA standards can be found at www.csa.ca
• CUL Underwriters Laboratories Canada Inc. Information about CUL standards can be found at ulc.ca
• ETL Intertek Testing Services. Information about ETL standards can be found at ulstal.com
• NFPA National Fire Protection Association. Information about NFPA standards can be found at www.nfpa.org
• UL Underwriters Laboratories Inc. Information about UL standards can be found at ulstandardsinfonet.ul.com
• FM Factory Mutual Standards. Information about Factory Mutual standards can be found at fmapprovals.com

1.800.323.7402 www.sellstrom.com

Malibu Jack™ MJ15 Features ™ ™ Malibu Jack™ MJ16, 17 & 20 • Anti-scratch UV absorbing Features polycarbonate lens provides MALIBU JACK MJ15 MALIBU JACK MJ16, MJ17 & • Anti-scratch UV absorbing outstanding impact strength polycarbonate lens provides and optical clarity for rugged & MJ20 SERIES MJ18 SERIES outstanding impact strength industrial protection and optical clarity for rugged • Four lens tint options for indoor Safety eyewear for work environments that require optimal performance and industrial protection and outdoor work environments • Provides 99.9% UV Protection versatility. The MJ15 Malibu Jack™ Series & MJ20 Malibu Jack™ Series are stylish and only where normal to low light • Rubberized straight temple conditions exist the highest quality eye protection. tips relieve pressure from the • Polarized lens option ideal for temples and back of ears and indoor and outdoor work hold eyewear in place environments such as • Reduce glare, eye strain and construction, utility works, fatigue with the blue mirror transportation, etc. lens option • Provides 99.9% UV Protection • Great wrap-around style • Straight temple tips relieve provides a secure, pressure from the temples and comfortable fit back of ears The ideal solution for • Nose bridge prevents eyewear • Reduce glare, eye strain and construction workers! from shifting and/or sliding fatigue with the indoor-outdoor • Meets ANSI Z87.1+ High mirror lens option Durable, attractive eyewear for demanding work environments. 
The new Impact Standards • Great wrap-around style offers MJ16 Malibu Jack™ Series, MJ17 Malibu Jack™ Series, & MJ18 Malibu Jack™ Series a secure, comfortable fit are a great option, providing several features to fit any job. • Soft, padded nose bridge provides a comfortable, secure fit • Meets ANSI Z87.1+ High Impact Standards Malibu Jack™ MJ20 Features • Anti-scratch UV absorbing polycarbonate lens provides outstanding impact strength and optical clarity for rugged industrial protection • Three lens tint options for ™ indoor and outdoor work Malibu Jack Eyewear environments where normal to MJ15 Series low light conditions exist 70801 Black Frame / Clear Lens • Blue mirror lens option ideal for 70811 Black Frame / Smoke Lens ™ Polarized Lens Kit Available outdoor work environments, and 70821 Black Frame / Indoor-Outdoor Mirror Lens Malibu Jack Eyewear for indoor work environments 70861 Black Frame / Polarized Lens MJ16 Series where fluorescent light 70863 70861 Eyewear in Padded Hard Eyewear
Recommended publications
  • On the Incoherencies in Web Browser Access Control Policies
    On the Incoherencies in Web Browser Access Control Policies Kapil Singh∗, Alexander Moshchuk†, Helen J. Wang† and Wenke Lee∗ ∗Georgia Institute of Technology, Atlanta, GA Email: {ksingh, wenke}@cc.gatech.edu †Microsoft Research, Redmond, WA Email: {alexmos, helenw}@microsoft.com
    Abstract—Web browsers’ access control policies have evolved piecemeal in an ad-hoc fashion with the introduction of new browser features. This has resulted in numerous incoherencies. In this paper, we analyze three major access control flaws in today’s browsers: (1) principal labeling is different for different resources, raising problems when resources interplay, (2) runtime changes to principal identities are handled inconsistently, and (3) browsers mismanage resources belonging to the user principal. We show that such mishandling of principals leads to many access control incoherencies, presenting hurdles for web developers to construct secure web applications. A unique contribution of this paper is to identify the compatibility cost of removing these unsafe browser features. To do this, we have built WebAnalyzer, a crawler-based framework for measuring real-world usage of browser features, and used it to study the top 100,000 popular web sites ranked by Alexa.
    Inconsistent principal labeling. Today’s browsers do not have the same principal definition for all browser resources (which include the Document Object Model (DOM), network, cookies, other persistent state, and display). For example, for the DOM (memory) resource, a principal is labeled by the origin defined in the same origin policy (SOP) in the form of <protocol, domain, port> [4]; but for the cookie resource, a principal is labeled by <domain, path>. Different principal definitions for two resources are benign as long as the two resources do not interplay with each other. However, when they do, incoherencies arise. For example, when cookies became accessible through DOM’s “document” object, DOM’s access control policy, namely the
  • Eye Safety Tool Box Talk
    Instructor: Use the guidance questions on the left to promote discussion of the eye safety issues at your work site. You should include those questions marked with *** and a selection of the remaining questions that apply to your work site. The limited information on the right is designed to provide the background information needed in each section of the toolbox talk. It may be supplemented with other materials and samples of the eye protection available at your work site. This discussion is expected to take ~15-30 minutes or more. Involve your workers in the discussion.
    Instructor Guidance: ***How many work-related eye injuries are there each day? Go over Key Points. Ask if anyone has ever had an eye injury or knows someone who did. Ask them to describe the injury event. Ask for ideas about how it could have been avoided.
    Questions and Discussion Highlights: Key Points
    • ~2000 eye injuries occur everyday at work in the US
    • Construction workers have one of the highest eye injury rates
    • Particles of dust, metal, wood, slag, drywall, cement etc. are the most common source of eye injury to carpenters
    • Even “minor” eye injuries can cause life-long vision problems and suffering–a simple scratch from sawdust, cement, or drywall can cause corneal erosion that is recurrently painful
    • Hammering on metal which gives off metal slivers and the rebounding of the ordinary nail are two of the most common causes of vision loss in construction workers
    Instructor Guidance: ***What are the eye hazards at your site?
    Questions and Discussion Highlights: Potential Eye Hazard Examples
    • Hammering, grinding, sanding,
  • Using Replicated Execution for a More Secure and Reliable Web Browser
    Using Replicated Execution for a More Secure and Reliable Web Browser Hui Xue Nathan Dautenhahn Samuel T. King University of Illinois at Urbana Champaign {huixue2, dautenh1, kingst}@uiuc.edu
    Abstract: Modern web browsers are complex. They provide a high-performance and rich computational environment for web-based applications, but they are prone to numerous types of security vulnerabilities that attackers actively exploit. However, because major browser platforms differ in their implementations they rarely exhibit the same vulnerabilities. In this paper we present Cocktail, a system that uses three different off-the-shelf web browsers in parallel to provide replicated execution for withstanding browser-based attacks and improving browser reliability. Cocktail mirrors inputs to each replica and votes on browser states and outputs to detect potential attacks, while continuing to run.
    Unfortunately, hackers actively exploit these vulnerabilities as indicated in reports from the University of Washington [46], Microsoft [61], and Google [49, 48]. Both industry and academia have improved the security and reliability of web browsers. Current commodity browsers make large strides towards improving the security and reliability of plugins by using sandboxing techniques to isolate plugins from the rest of the browser [62, 33]. However, these browsers still scatter security logic throughout millions of lines of code, leaving these systems susceptible to browser-based attacks. Current research efforts, like Tahoma [32], the OP web browser [36], the Gazelle web browser [59], and the Illinois Browser Operating System [58] all propose building new web browsers to improve security. Although
  • Honeywell Safety Products Eye, Face, Head & Welding I Eyesight Is an Essential Sense and Deserves to Be Protected
    Honeywell Safety Products Eye, Face, Head & Welding: Eyesight is an essential sense and deserves to be protected. www.honeywellsafety.com
    Honeywell Safety Products Eye, Face, Head and Welding Protection
    Every year, thousands of people suffer eye accidents in their workplace. 90% of these accidents can be avoided if suitable eye, face, head and welding protection is used. Honeywell protective Eye, Face, Head and Welding Protection is designed not only to fulfil the primary function of effective protection, but also to make the products easy to wear, comfortable and suitable for every user. We realize that keeping people safe begins with a commitment to exceeding safety standards and embracing change to create a Culture of Safety. We are about inspiring safety in the minds of workers everywhere.
    WHAT TYPE OF PROTECTION SHOULD YOU CHOOSE?
    SAFETY SPECTACLES Protection for the eyes against:
    • low energy impacts (mechanical resistance for an impact of up to 45 m/s).
    • harmful rays: Ultraviolet (UV) / Infrared (IR).
    GOGGLES Protection for the eyes against:
    • medium energy impacts (mechanical resistance for an impact of up to 120 m/s).
    • the risk of intrusion by dust, fine particles or harmful chemical products (liquids, sprays, gas).
    • the risks from molten metal projections.
    • harmful rays (UV / IR).
    FACE SHIELDS Protection for the eyes and face against:
    • medium and high energy impacts from sparks or solid bodies, plus projections (liquids, molten
    Contents: Advanced coating technology from Honeywell; Lens tint selector; Safety spectacles - Choose your Need!; Adjust for me!; Put it on & Go!
  • HTTP Cookie - Wikipedia, the Free Encyclopedia 14/05/2014
    HTTP cookie - Wikipedia, the free encyclopedia 14/05/2014
    A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.[1] Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited by the user as far back as months or years ago).
    Although cookies cannot carry viruses, and cannot install malware on the host computer,[2] tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories—a potential privacy concern that prompted European[3] and U.S.
  • Lime Rock Gazette
    L 1M E R 0 C K GAZETTE. DEVOTED TO COMMERCE, AGRICULTURE, ART, SCIENCE, MORALITY AND GENERAL INTELLIGENCE. PUBLISHED WEEKLY, BY RICHARDSON & PORTER. Tpiihs, $1,50 in Advance, $1.75 in six monllis $2.00 afleiv-Adverliseinenls inserted al Hie ciisloniarv prices VOL J- LAST—TIIOIIASTOV, TlllltSO AV 1IOILVIA«L O< TOK I it 15. 1840 AO. »». i.j_ - xi u f c i . b.w rjw vjwcyxayztt i TIlC Relllllied Pastor. *,o,n v*cw> nn,l 0,1 *Gc morning of the 'themselves together for family worship.— from nine o’clock in the morning to three 'Aint I a man now. Miss Tabitha, I ’d only, however, who knew the former level- twenty-second of the same month he look- Ho was told that twenty missionaries might I in the nOcrnoon; and from live to nine in like to know ,’ said Jotliam , rising with ness o f the spot. Ct will be recollected By many ol otn renders, that (,d ,|p0„ ,bc s|,((1.es of England—on the find employment there. the eveninu. There were twelve hundred spirit and putting his hat on his head, ‘ I f The Lieutenant, who had c ritic a lly the Kcv. Mr. Vomroy, Tastor ot the livst ( j following day ho landed. He wished to; Mr. l’omroy enumerated the places of | persons composing the convention, about I aint a man now. and a whole hog o f a watched the manoeuvring of the men, grognltonnl Church ol Bangor, lelt his people see ns much of the land of our fathers as interest ho visited in the Holy Land.— nine hundred of whom were clergymen, one too, I think it darned strange.’ congratulated the Orderly on the perfec- sonic sixteen months Since, for an European possible— a land that should lie dear to ! Sidon, Sarepta, Tyre.
  • Personal Protective Equipment (PPE) Guide
    Personal Protective Equipment (PPE) Guide Volume 1: General PPE February 2003 F417-207-000
    This guide is designed to be used by supervisors, lead workers, managers, employers, and anyone responsible for the safety and health of employees. Employees are also encouraged to use information in this guide to analyze their own jobs, be aware of work place hazards, and take active responsibility for their own safety. Photos and graphic illustrations contained within this document were provided courtesy of the Occupational Safety and Health Administration (OSHA), Oregon OSHA, United States Coast Guard, EnviroWin Safety, Microsoft Clip Gallery (Online), and the Washington State Department of Labor and Industries.
    TABLE OF CONTENTS
    How To Use This Guide
    A. Introduction
    B. What you are required to do
    1. Do a Hazard Assessment for PPE and document it
    2. Select and provide appropriate PPE to your employees
    3. Provide training to your employees and document it
  • The Multi-Principal OS Construction of the Gazelle Web Browser
    The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alex Moshchuk, Sam King, Piali Choudhury, Herman Venter
    Browser as an application platform
    • Single stop for many computing needs
      – banking, shopping, office tasks, social networks, entertainment
    • Static document browsing rich programs
      – obtained from mutually distrusting origins
      – same-origin policy: a browser is a multi-principal platform where web sites are principals
    • Browser = prime target of today’s attackers
    Your valuables are online!
    • Existing browser security mentality:
      – valuables on local machine
      – protect local machine from the web
    • This work’s mentality:
      – valuables online
      – must also protect web site principals from one another
    Browser design requires OS thinking
    • Cross-principal protection is an essential function of an operating system
    • Fundamental flaw with existing browser designs:
      – OS logic is intermingled with application-specific content processing
      – consequences:
        • unreliable cross-principal protection
        • many vulnerabilities
    [Diagram: browser containing HTML parsing, JS engine, DOM, same-origin protection, rendering, persistent state, network access]
    Gazelle
    • An OS exclusively manages:
      – protection across principals
      – resource allocation
      – resource access control
    • Our approach for designing Gazelle:
      – take all OS functionality out of content processing logic
      – put it into a small, simple browser kernel
    [Diagram: HTML parsing, JS engine, DOM, same-origin protection, rendering, persistent state, network access; Browser kernel]
    Gazelle
    • Build
  • Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX
    Gibraltar: Exposing Hardware Devices to Web Pages Using AJAX Kaisen Lin David Chu James Mickens Jian Qiu UC San Diego Li Zhuang Feng Zhao National University of Singapore Microsoft Research
    Abstract: Gibraltar is a new framework for exposing hardware devices to web pages. Gibraltar’s fundamental insight is that JavaScript’s AJAX facility can be used as a hardware access protocol. Instead of relying on the browser to mediate device interactions, Gibraltar sandboxes the browser and uses a small device server to handle hardware requests. The server uses native code to interact with devices, and it exports a standard web server interface on the localhost. To access hardware, web pages send device commands to the server using HTTP requests; the server returns hardware data via HTTP responses. Using a client-side JavaScript library, we build a simple yet powerful device API atop this HTTP transfer protocol. The API is particularly useful to developers of mobile web
    tion language (e.g., the Win32 API for Windows machines, or Java for Android). Both choices limit the portability of the resulting applications. Furthermore, moving to native code eliminates a key benefit of the web delivery model—applications need not be installed, but merely navigated to.
    1.1 A Partial Solution
    To remedy these problems, the new HTML5 specification [10] introduces several ways for JavaScript to access hardware. At a high-level, the interfaces expose devices as special objects embedded in the JavaScript runtime. For example, the <input> tag [24] can reflect a web cam object into a page’s JavaScript namespace; the page reads or writes hardware data by manipulating the properties of the object.
  • Eye Protection
    Eye Protection
    Synonymous with Design, Comfort, Protection and Reliability, WORKSafe® is known for high quality safety eyewear as well as safety prescription eyewear. Powered by state-of-the-art design and ergonomics, and competent manufacturing partners, WORKSafe® eyewear are guaranteed for superior protection and comfort. In addition to strict internal quality control, all WORKSafe® eyewear comply with USA ANSI Z , Singapore SS standards, and are tested to Class 1 Optical Quality for Undistorted Vision. WORKSafe® utilizes Hard Coated (HC) polycarbonate lenses with UV Protection for maximum scratch resistance and impact protection. Indicated models come with Anti-Fog (AF) for enhanced clarity. Selected models are tested to EN and AS/NZS standards.
    ASIAN FIT
    All WORKSafe® eye protection have:
    • Scratch-resistant hard coating (HC)
    • UV Protection
    • Anti-fog coating (AF) for indicated models
    They comply with:
    • USA ANSI Z or
    • Singapore SS or
    • EN for indicated models
    ANSI Z87.1-2010 Standard
    The American National Standards Institute (ANSI) has approved and issued the new ANSI/ISEA Z American National Standard for Occupational and Educational Eye and Face Protection ANSI Z . This standard went into effect April and updates the version. While the scope of the standard remains mostly unchanged, there are a number of modifications that have significant impact. The following outlines these changes and how they impact eye protection and the methods companies use to select safety products.
    Important Changes
    New Z standard now focuses on hazards instead of protector type. The objective is to encourage safety personnel and users to evaluate and identify specific hazards in their workplace such as Impact, Optical Radiation, Splash, Dust, and Fine Dust Particles. In the revised standard, selection of the appropriate eye and face protective devices should be based on consideration of the hazard.
    Impact & Coverage
    • Impact ratings: New Z classifies impact protection into 1. Non-Impact Rated - compliance to the impact requirements under “General Requirements”.
  • On the Disparity of Display Security in Mobile and Traditional Web Browsers
    On the Disparity of Display Security in Mobile and Traditional Web Browsers Chaitrali Amrutkar, Kapil Singh, Arunabh Verma and Patrick Traynor Converging Infrastructure Security (CISEC) Laboratory Georgia Institute of Technology
    Abstract: Mobile web browsers now provide nearly equivalent features when compared to their desktop counterparts. However, smaller screen size and optimized features for constrained hardware make the web experience on mobile browsers significantly different. In this paper, we present the first comprehensive study of the display-related security issues in mobile browsers. We identify two new classes of display-related security problems in mobile browsers and devise a range of real world attacks against them. Additionally, we identify an existing security policy for display on desktop browsers that is inappropriate on mobile browsers. Our analysis is comprised of eight mobile and five desktop browsers. We compare security policies for display in the candidate browsers to infer that desktop browsers are significantly more compliant with the policies as compared to mo-
    elements. The difficulty in efficiently accessing large pages on mobile devices makes an adversary capable of abusing the rendering of display elements particularly acute from a security perspective.
    In this paper, we characterize a number of differences in the ways mobile and desktop browsers render webpages that potentially allow an adversary to deceive mobile users into performing unwanted and potentially dangerous operations. Specifically, we examine the handling of user interaction with overlapped display elements, the ability of malicious cross-origin elements to affect the placement of honest elements and the ability of malicious cross-origin elements to alter the navigation of honest parent and descendant elements. We then perform the same tests against a number of desktop browsers and find that the majority of desktop browsers are not vulnerable to the same rendering issues.
  • The Multi-Principal OS Construction of the Gazelle Web Browser by Helen J. Wang, Et Al
    The Multi-Principal OS Construction of the Gazelle Web Browser by Helen J. Wang, et al. (USENIX Security Symposium, 2009) presented by Jedidiah R. McClurg Northwestern University April 16, 2012
    presented by Jedidiah McClurg Gazelle Web Browser by Helen Wang, et al.
    Background
    • The nature of the web is changing
    • Originally, web pages featured static content
    • Increasingly, web pages are dynamic applications
    • Since the browser is the environment which loads/executes web pages, it needs to accommodate these changes
    • This new browser structure should look familiar...
    Motivation
    • An operating system!
    • Multitasking
    • Inter-process communication
    • Window management
    • A browser OS structure has several major advantages
    • Site (process) memory isolation
    • Error recovery
    • Centralized policy enforcement (in the browser kernel)
    Motivation (Cont.)
    • The Gazelle web browser [1] is based on this browser OS approach.
    • The browser kernel is the sole entity in charge of...
    • Fair sharing of system resources
    • Cross-site resource protection (addressed in this paper)
    • This main concern regarding resource protection is the SOP (same-origin policy)
    • An origin or (principal) is defined as <protocol, domain-name, port>
    • Different origins should be in different browser OS "processes"
    • Note that news.google.com is a different origin than google.com
    Related Work
    • Unfortunately, the popular browsers don't quite work this way
    • Example: the Google Chrome browser
    • Its origin policy is more lax, i.e. an origin is defined in terms of the top-level domain
    • It has a per-site-instance process model, i.e.