diff --git a/dom/base/test/mochitest.ini b/dom/base/test/mochitest.ini
index 20ac368f51c7..f72ef8229177 100644
--- a/dom/base/test/mochitest.ini
+++ b/dom/base/test/mochitest.ini
@@ -64,11 +64,6 @@ support-files =
   eventsource_redirect.resource^headers^
   eventsource_redirect_to.resource
   eventsource_redirect_to.resource^headers^
-  file_CrossSiteXHR_cache_server.sjs
-  file_CrossSiteXHR_inner.html
-  file_CrossSiteXHR_inner.jar
-  file_CrossSiteXHR_inner_data.sjs
-  file_CrossSiteXHR_server.sjs
   file_XHRDocURI.text
   file_XHRDocURI.text^headers^
   file_XHRDocURI.xml
@@ -319,10 +314,6 @@ skip-if = (buildapp == 'b2g' && toolkit != 'gonk') #Bug 931116, b2g desktop spec
 [test_window_named_frame_enumeration.html]
 [test_writable-replaceable.html]
 [test_navigatorPrefOverride.html]
-[test_CrossSiteXHR.html]
-[test_CrossSiteXHR_cache.html]
-[test_CrossSiteXHR_origin.html]
-skip-if = buildapp == 'b2g' || e10s # last test fails to trigger onload on e10s/b2g
 [test_EventSource_redirects.html]
 [test_NodeIterator_basics_filters.xhtml]
 [test_NodeIterator_mutations_1.xhtml]
diff --git a/dom/base/test/file_CrossSiteXHR_cache_server.sjs b/dom/security/test/cors/file_CrossSiteXHR_cache_server.sjs
similarity index 87%
rename from dom/base/test/file_CrossSiteXHR_cache_server.sjs
rename to dom/security/test/cors/file_CrossSiteXHR_cache_server.sjs
index 5da6bf663e2e..b3e1d92e07cf 100644
--- a/dom/base/test/file_CrossSiteXHR_cache_server.sjs
+++ b/dom/security/test/cors/file_CrossSiteXHR_cache_server.sjs
@@ -7,7 +7,7 @@ function handleRequest(request, response)
   });
 
   if ("setState" in query) {
-    setState("test/dom/base/test_CrossSiteXHR_cache:secData",
+    setState("test/dom/security/test/cors/test_CrossSiteXHR_cache:secData",
              query.setState);
 
     response.setHeader("Cache-Control", "no-cache", false);
@@ -22,7 +22,7 @@ function handleRequest(request, response)
   // Send response
 
   secData =
-    eval(getState("test/dom/base/test_CrossSiteXHR_cache:secData"));
+    eval(getState("test/dom/security/test/cors/test_CrossSiteXHR_cache:secData"));
 
   if (secData.allowOrigin)
     response.setHeader("Access-Control-Allow-Origin", secData.allowOrigin);
diff --git a/dom/base/test/file_CrossSiteXHR_inner.html b/dom/security/test/cors/file_CrossSiteXHR_inner.html
similarity index 100%
rename from dom/base/test/file_CrossSiteXHR_inner.html
rename to dom/security/test/cors/file_CrossSiteXHR_inner.html
diff --git a/dom/base/test/file_CrossSiteXHR_inner.jar b/dom/security/test/cors/file_CrossSiteXHR_inner.jar
similarity index 100%
rename from dom/base/test/file_CrossSiteXHR_inner.jar
rename to dom/security/test/cors/file_CrossSiteXHR_inner.jar
diff --git a/dom/base/test/file_CrossSiteXHR_inner_data.sjs b/dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs
similarity index 100%
rename from dom/base/test/file_CrossSiteXHR_inner_data.sjs
rename to dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs
diff --git a/dom/base/test/file_CrossSiteXHR_server.sjs b/dom/security/test/cors/file_CrossSiteXHR_server.sjs
similarity index 98%
rename from dom/base/test/file_CrossSiteXHR_server.sjs
rename to dom/security/test/cors/file_CrossSiteXHR_server.sjs
index cbf042040e8a..a2b7cafb3355 100644
--- a/dom/base/test/file_CrossSiteXHR_server.sjs
+++ b/dom/security/test/cors/file_CrossSiteXHR_server.sjs
@@ -138,7 +138,7 @@ function handleRequest(request, response)
 
   if (query.hop && query.hop < hops.length) {
     newURL = hops[query.hop].server +
-             "/tests/dom/base/test/file_CrossSiteXHR_server.sjs?" +
+             "/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?" +
              "hop=" + (query.hop + 1) + "&hops=" + query.hops;
     response.setStatusLine(null, 307, "redirect");
     response.setHeader("Location", newURL);
diff --git a/dom/security/test/cors/mochitest.ini b/dom/security/test/cors/mochitest.ini
new file mode 100644
index 000000000000..0dbba8be5202
--- /dev/null
+++ b/dom/security/test/cors/mochitest.ini
@@ -0,0 +1,12 @@
+[DEFAULT]
+support-files =
+  file_CrossSiteXHR_cache_server.sjs
+  file_CrossSiteXHR_inner.html
+  file_CrossSiteXHR_inner.jar
+  file_CrossSiteXHR_inner_data.sjs
+  file_CrossSiteXHR_server.sjs
+
+[test_CrossSiteXHR.html]
+[test_CrossSiteXHR_cache.html]
+[test_CrossSiteXHR_origin.html]
+skip-if = buildapp == 'b2g' || e10s # last test fails to trigger onload on e10s/b2g
diff --git a/dom/base/test/test_CrossSiteXHR.html b/dom/security/test/cors/test_CrossSiteXHR.html
similarity index 99%
rename from dom/base/test/test_CrossSiteXHR.html
rename to dom/security/test/cors/test_CrossSiteXHR.html
index c9e63861895d..fad29526a27d 100644
--- a/dom/base/test/test_CrossSiteXHR.html
+++ b/dom/security/test/cors/test_CrossSiteXHR.html
@@ -44,11 +44,11 @@ function runTest() {
   loader.onload = function () { gen.next() };
 
   // Test preflight-less requests
-  basePath = "/tests/dom/base/test/file_CrossSiteXHR_server.sjs?"
+  basePath = "/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?"
   baseURL = "http://mochi.test:8888" + basePath;
 
   // Test preflighted requests
-  loader.src = "http://example.org/tests/dom/base/test/file_CrossSiteXHR_inner.html";
+  loader.src = "http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner.html";
   origin = "http://example.org";
   yield undefined;
 
@@ -874,7 +874,7 @@ function runTest() {
 
 
   // Test redirects
-  is(loader.src, "http://example.org/tests/dom/base/test/file_CrossSiteXHR_inner.html");
+  is(loader.src, "http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner.html");
   is(origin, "http://example.org");
 
   tests = [{ pass: 1,
diff --git a/dom/base/test/test_CrossSiteXHR_cache.html b/dom/security/test/cors/test_CrossSiteXHR_cache.html
similarity index 98%
rename from dom/base/test/test_CrossSiteXHR_cache.html
rename to dom/security/test/cors/test_CrossSiteXHR_cache.html
index 77371044f324..bcd74b9d904f 100644
--- a/dom/base/test/test_CrossSiteXHR_cache.html
+++ b/dom/security/test/cors/test_CrossSiteXHR_cache.html
@@ -30,7 +30,7 @@ function runTest() {
   var loaderWindow = loader.contentWindow;
   loader.onload = function () { gen.next() };
 
-  loader.src = "http://example.org/tests/dom/base/test/file_CrossSiteXHR_inner.html";
+  loader.src = "http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner.html";
   origin = "http://example.org";
   yield undefined;
 
@@ -428,7 +428,7 @@ function runTest() {
                });
   }
 
-  baseURL = "http://mochi.test:8888/tests/dom/base/test/" +
+  baseURL = "http://mochi.test:8888/tests/dom/security/test/cors/" +
              "file_CrossSiteXHR_cache_server.sjs?";
   setStateURL = baseURL + "setState=";
 
diff --git a/dom/base/test/test_CrossSiteXHR_origin.html b/dom/security/test/cors/test_CrossSiteXHR_origin.html
similarity index 92%
rename from dom/base/test/test_CrossSiteXHR_origin.html
rename to dom/security/test/cors/test_CrossSiteXHR_origin.html
index 09fd81502b2a..95fe7f21c42f 100644
--- a/dom/base/test/test_CrossSiteXHR_origin.html
+++ b/dom/security/test/cors/test_CrossSiteXHR_origin.html
@@ -39,10 +39,10 @@ var origins =
      origin: 'http://xn--hxajbheg2az3al.xn--jxalpdlp'
    },
    { origin: 'http://example.org',
-     file: 'jar:http://example.org/tests/dom/base/test/file_CrossSiteXHR_inner.jar!/file_CrossSiteXHR_inner.html'
+     file: 'jar:http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner.jar!/file_CrossSiteXHR_inner.html'
    },
    { origin: 'null',
-     file: 'http://example.org/tests/dom/base/test/file_CrossSiteXHR_inner_data.sjs'
+     file: 'http://example.org/tests/dom/security/test/cors/file_CrossSiteXHR_inner_data.sjs'
    },
    ];
 
@@ -61,14 +61,14 @@ function runTest() {
   loader.onload = function () { gen.next() };
 
   // Test preflight-less requests
-  basePath = "/tests/dom/base/test/file_CrossSiteXHR_server.sjs?"
+  basePath = "/tests/dom/security/test/cors/file_CrossSiteXHR_server.sjs?"
   baseURL = "http://mochi.test:8888" + basePath;
 
   for (originEntry of origins) {
     origin = originEntry.origin || originEntry.server;
 
     loader.src = originEntry.file ||
-                 (originEntry.server + "/tests/dom/base/test/file_CrossSiteXHR_inner.html");
+                 (originEntry.server + "/tests/dom/security/test/cors/file_CrossSiteXHR_inner.html");
     yield undefined;
 
     var isNullOrigin = origin == "null";
diff --git a/dom/security/test/moz.build b/dom/security/test/moz.build
index 8f2441d8c7ce..c5eeba3ebd22 100644
--- a/dom/security/test/moz.build
+++ b/dom/security/test/moz.build
@@ -13,6 +13,7 @@ GeckoCppUnitTests([
 ])
 
 MOCHITEST_MANIFESTS += [
+    'cors/mochitest.ini',
     'csp/mochitest.ini',
     'mixedcontentblocker/mochitest.ini',
 ]