diff --git a/netwerk/protocol/about/src/nsAboutRedirector.cpp b/netwerk/protocol/about/src/nsAboutRedirector.cpp
index e306f9ea68b5..85dff521f448 100644
--- a/netwerk/protocol/about/src/nsAboutRedirector.cpp
+++ b/netwerk/protocol/about/src/nsAboutRedirector.cpp
@@ -29,6 +29,7 @@
 #include "nsIURI.h"
 #include "nsXPIDLString.h"
 #include "plstr.h"
+#include "nsIScriptSecurityManager.h"
 static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
@@ -53,10 +54,35 @@ nsAboutRedirector::NewChannel(nsIURI *aURI, nsIChannel **result)
 if (NS_FAILED(rv))
 return rv;
+ static const char kChromePrefix[] = "chrome:";
 for (int i = 0; i< kRedirTotal; i++)
 {
 if (!PL_strcasecmp(path, kRedirMap[i][0]))
- return ioService->NewChannel(kRedirMap[i][1], nsnull, result);
+ {
+ nsCOMPtr tempChannel;
+ rv = ioService->NewChannel(kRedirMap[i][1], nsnull, getter_AddRefs(tempChannel));
+ //-- If we're redirecting to a chrome URL, change the owner of the channel
+ // to keep the page from getting unnecessary privileges.
+ if (NS_SUCCEEDED(rv) && result &&
+ !PL_strncasecmp(kRedirMap[i][1], kChromePrefix, sizeof(kChromePrefix)-1))
+ {
+ NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager,
+ NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+ if (NS_FAILED(rv))
+ return rv;
+
+ nsCOMPtr principal;
+ rv = securityManager->GetCodebasePrincipal(aURI, getter_AddRefs(principal));
+ if (NS_FAILED(rv))
+ return rv;
+
+ nsCOMPtr owner = do_QueryInterface(principal);
+ rv = tempChannel->SetOwner(owner);
+ }
+ *result = tempChannel.get();
+ NS_ADDREF(*result);
+ return rv;
+ }
 }
 NS_ASSERTION(0, "nsAboutRedirector called for unknown case");
diff --git a/xpfe/appshell/src/nsAbout.cpp b/xpfe/appshell/src/nsAbout.cpp
index c3480d635efc..bc9bc11699da 100644
--- a/xpfe/appshell/src/nsAbout.cpp
+++ b/xpfe/appshell/src/nsAbout.cpp
@@ -26,6 +26,7 @@
 #include "nsCOMPtr.h"
 #include "nsIURI.h"
 #include "nsNetCID.h"
+#include "nsIScriptSecurityManager.h"
 static NS_DEFINE_CID(kIOServiceCID, NS_IOSERVICE_CID);
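Review bot: In the second nsAboutRedirector.cpp hunk, a failed `ioService->NewChannel` leaves `tempChannel` null and skips the owner block, yet the code still runs `*result = tempChannel.get(); NS_ADDREF(*result);`, which dereferences null because NS_ADDREF, unlike NS_IF_ADDREF, has no null check. `result` is tested in the `if` condition but written through unconditionally a few lines later, so that test protects nothing. Because this block exists to keep the page from inheriting chrome privileges, it should fail closed: add `if (NS_FAILED(rv)) return rv;` right after NewChannel and again after `tempChannel->SetOwner(owner)`, so a channel whose owner could not be replaced is never handed to the caller. The nsAbout.cpp hunk returns the SetOwner result the same way, after already publishing the channel. NewChannel's body starts and ends outside this hunk.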
@@ -40,7 +41,24 @@ nsAbout::NewChannel(nsIURI *aURI, nsIChannel **result)
 NS_WITH_SERVICE(nsIIOService, ioService, kIOServiceCID, &rv);
 if ( NS_FAILED(rv) )
 return rv;
- rv = ioService->NewChannel(kURI, nsnull, result);
+
+ nsCOMPtr tempChannel;
+ rv = ioService->NewChannel(kURI, nsnull, getter_AddRefs(tempChannel));
+
+ NS_WITH_SERVICE(nsIScriptSecurityManager, securityManager,
+ NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+ if (NS_FAILED(rv))
+ return rv;
+
+ nsCOMPtr principal;
+ rv = securityManager->GetCodebasePrincipal(aURI, getter_AddRefs(principal));
+ if (NS_FAILED(rv))
+ return rv;
+
+ nsCOMPtr owner = do_QueryInterface(principal);
+ rv = tempChannel->SetOwner(owner);
+ *result = tempChannel.get();
+ NS_ADDREF(*result);
 return rv;
 }
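Review bot: The `rv` from `ioService->NewChannel(kURI, ...)` is overwritten by the following `NS_WITH_SERVICE` lookup before anything checks it, so a failed channel creation leaves `tempChannel` null and `tempChannel->SetOwner(owner)` dereferences it. Add `if (NS_FAILED(rv)) return rv;` directly after the NewChannel call. `do_QueryInterface(principal)` can also yield null, and what SetOwner does with a null owner is not visible here, so a guard such as `if (!owner) return NS_ERROR_FAILURE;` before the call would keep the privilege drop from silently becoming a no-op. The function starts above this hunk.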