diff --git a/dom/src/base/nsDOMClassInfo.cpp b/dom/src/base/nsDOMClassInfo.cpp index 2aabda4df1d..6fe4b2017c5 100644 --- a/dom/src/base/nsDOMClassInfo.cpp +++ b/dom/src/base/nsDOMClassInfo.cpp @@ -4785,10 +4785,19 @@ BaseStubConstructor(nsIWeakReference* aWeakOwner, nsCOMPtr initializer(do_QueryInterface(native)); if (initializer) { + // Initialize object using the current inner window, but only if + // the caller can access it. nsCOMPtr owner = do_QueryReferent(aWeakOwner); - NS_ENSURE_STATE(owner && owner->GetOuterWindow() && - owner->GetOuterWindow()->GetCurrentInnerWindow() == owner); - rv = initializer->Initialize(owner, cx, obj, argc, argv); + nsPIDOMWindow* outerWindow = owner ? owner->GetOuterWindow() : nsnull; + nsPIDOMWindow* currentInner = + outerWindow ? outerWindow->GetCurrentInnerWindow() : nsnull; + if (!currentInner || + (owner != currentInner && + !nsContentUtils::CanCallerAccess(currentInner))) { + return NS_ERROR_DOM_SECURITY_ERR; + } + + rv = initializer->Initialize(currentInner, cx, obj, argc, argv); if (NS_FAILED(rv)) { return NS_ERROR_NOT_INITIALIZED; } diff --git a/dom/tests/mochitest/bugs/Makefile.in b/dom/tests/mochitest/bugs/Makefile.in index afe24c3cb9a..7fa42a52737 100644 --- a/dom/tests/mochitest/bugs/Makefile.in +++ b/dom/tests/mochitest/bugs/Makefile.in @@ -76,6 +76,7 @@ _TEST_FILES = \ test_bug414291.html \ test_bug430276.html \ iframe_bug430276.html \ + iframe_bug430276-2.html \ $(NULL) libs:: $(_TEST_FILES) diff --git a/dom/tests/mochitest/bugs/iframe_bug430276-2.html b/dom/tests/mochitest/bugs/iframe_bug430276-2.html new file mode 100644 index 00000000000..0d495cc9790 --- /dev/null +++ b/dom/tests/mochitest/bugs/iframe_bug430276-2.html @@ -0,0 +1,23 @@ + + + + + + + + + diff --git a/dom/tests/mochitest/bugs/iframe_bug430276.html b/dom/tests/mochitest/bugs/iframe_bug430276.html index 92f56e76c92..703eb5dd552 100644 --- a/dom/tests/mochitest/bugs/iframe_bug430276.html +++ b/dom/tests/mochitest/bugs/iframe_bug430276.html 
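Review bot: In the nsDOMClassInfo.cpp hunk, `currentInner` is a raw `nsPIDOMWindow*` that is then passed to `initializer->Initialize(...)`, whereas the old code passed `owner`, which its `nsCOMPtr` keeps alive. When `owner != currentInner`, nothing in this hunk holds a strong reference to the window the object is initialized against. If anything reached from `CanCallerAccess` or `Initialize` can replace or tear down the inner window (not visible here), the pointer could dangle; declaring it as `nsCOMPtr<nsPIDOMWindow> currentInner = ...` would rule that out. Separately, the `!currentInner` branch now reports a dead owner or detached window as `NS_ERROR_DOM_SECURITY_ERR`; a separate `if (!currentInner) return NS_ERROR_UNEXPECTED;` ahead of the access check would keep a state failure distinguishable from a denied cross-window access. BaseStubConstructor starts and ends outside the hunk.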
@@ -12,7 +12,7 @@ succeeded = false; } window.parent.ok(succeeded, "Creating XMLHttpRequest failed!"); - window.parent.SimpleTest.finish(); + window.parent.nextTest(); } diff --git a/dom/tests/mochitest/bugs/test_bug430276.html b/dom/tests/mochitest/bugs/test_bug430276.html index 3ac7c134518..80843f667a2 100644 --- a/dom/tests/mochitest/bugs/test_bug430276.html +++ b/dom/tests/mochitest/bugs/test_bug430276.html @@ -25,6 +25,11 @@ function startTest() { .setAttribute("src", "iframe_bug430276.html"); } +function nextTest() { + document.getElementById("testFrame") + .setAttribute("src", "iframe_bug430276-2.html"); +} + SimpleTest.waitForExplicitFinish(); addLoadEvent(startTest);