diff --git a/mozilla/caps/src/nsScriptSecurityManager.cpp b/mozilla/caps/src/nsScriptSecurityManager.cpp
index e5996817caf..81a380bf2cc 100644
--- a/mozilla/caps/src/nsScriptSecurityManager.cpp
+++ b/mozilla/caps/src/nsScriptSecurityManager.cpp
@@ -151,6 +151,17 @@ nsScriptSecurityManager::CheckConnect(JSContext* aJSContext,
 const char* aClassName,
 const char* aPropertyName)
 {
+ // Get a context if necessary
+ if (!aJSContext)
+ {
+ aJSContext = GetCurrentContextQuick();
+ if (!aJSContext)
+ return NS_OK; // No JS context, so allow the load
+ }
+
+ nsresult rv = CheckLoadURIFromScript(aJSContext, aTargetURI);
+ if (NS_FAILED(rv)) return rv;
+
 return CheckPropertyAccessImpl(nsIXPCSecurityManager::ACCESS_GET_PROPERTY, nsnull, aJSContext, nsnull, nsnull, aTargetURI, nsnull, nsnull, aClassName, aPropertyName, nsnull);
@@ -180,12 +191,14 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
 printf("### CheckPropertyAccess(%s.%s, %i) ", aClassName, aProperty, aAction);
 else
 {
- nsXPIDLCString classDescription;
+ nsXPIDLCString classNameStr;
+ const char* className;
 if (aClassInfo)
- aClassInfo->GetClassDescription(getter_Copies(classDescription));
- if(!classDescription)
- classDescription = "UnknownClass";
- nsCAutoString propertyStr(classDescription);
+ aClassInfo->GetClassDescription(getter_Copies(classNameStr));
+ className = classNameStr.get();
+ if(!className)
+ className = "UnknownClass";
+ nsCAutoString propertyStr(className);
 propertyStr += '.';
 propertyStr.AppendWithConversion((PRUnichar*)JSValIDToString(aJSContext, aName));
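Review bot: The early `return NS_OK` on a null context in CheckConnect skips the property-access check as well as the URI check, but the comment only mentions the load, so the fail-open scope of this branch is wider than documented. If the intent is that no current context means a native caller, the comment should say so, for example `// No JS context: no script is on the stack, so skip both the load check and the property check`. The same guard is deleted from CheckLoadURIFromScript in the hunk at -590, so that function now passes a null `cx` straight to GetSubjectPrincipal; callers other than nsXMLDocument::Load are not visible in this diff and should be confirmed never to pass nsnull. CheckConnect's signature begins above the hunk.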
@@ -590,14 +603,6 @@ nsScriptSecurityManager::GetPrefName(nsIPrincipal* principal,
 NS_IMETHODIMP
 nsScriptSecurityManager::CheckLoadURIFromScript(JSContext *cx, nsIURI *aURI)
 {
- // Get a context if necessary
- if (!cx)
- {
- cx = GetCurrentContextQuick();
- if (!cx)
- return NS_OK; // No JS context, so allow the load
- }
-
 // Get principal of currently executing script.
 nsCOMPtr principal;
 if (NS_FAILED(GetSubjectPrincipal(cx, getter_AddRefs(principal))))
@@ -1303,11 +1308,14 @@ nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
 JSStackFrame *fp = nsnull;
 JSContext *cx = GetCurrentContextQuick();
 fp = cx ? JS_FrameIterator(cx, &fp) : nsnull;
- if (!fp) {
+ if (!fp)
+ {
 // No script code on stack. Allow execution.
 *result = PR_TRUE;
 return NS_OK;
 }
+ *result = PR_FALSE;
+ nsCOMPtr previousPrincipal;
 do {
 nsCOMPtr principal;
@@ -1315,30 +1323,32 @@ nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
 return NS_ERROR_FAILURE;
 if (!principal) continue;
+ // If caller has a different principal, stop looking up the stack.
+ if(previousPrincipal)
+ {
+ PRBool isEqual = PR_FALSE;
+ if(NS_FAILED(previousPrincipal->Equals(principal, &isEqual)) || !isEqual)
+ break;
+ }
+ else
+ previousPrincipal = principal;
 // First check if the principal is even able to enable the
 // given capability. If not, don't look any further.
 PRInt16 canEnable;
 rv = principal->CanEnableCapability(capability, &canEnable);
- if (NS_FAILED(rv))
- return rv;
+ if (NS_FAILED(rv)) return rv;
 if (canEnable != nsIPrincipal::ENABLE_GRANTED && canEnable != nsIPrincipal::ENABLE_WITH_USER_PERMISSION)
- {
- *result = PR_FALSE;
 return NS_OK;
- }
 // Now see if the capability is enabled.
 void *annotation = JS_GetFrameAnnotation(cx, fp);
- rv = principal->IsCapabilityEnabled(capability, annotation,
- result);
- if (NS_FAILED(rv))
- return rv;
+ rv = principal->IsCapabilityEnabled(capability, annotation, result);
+ if (NS_FAILED(rv)) return rv;
 if (*result) return NS_OK;
 } while ((fp = JS_FrameIterator(cx, &fp)) != nsnull);
- *result = PR_FALSE;
 return NS_OK;
 }
@@ -1511,7 +1521,7 @@ nsScriptSecurityManager::EnableCapability(const char *capability)
 JSContext *cx = GetCurrentContextQuick();
 JSStackFrame *fp;
- //Error checks for capability string length (200)
+ //-- Error checks for capability string length (200)
 if(PL_strlen(capability)>200)
 {
 static const char msg[] = "Capability name too long";
diff --git a/mozilla/content/xml/document/src/nsXMLDocument.cpp b/mozilla/content/xml/document/src/nsXMLDocument.cpp
index d155ab2f369..3f69cd80939 100644
--- a/mozilla/content/xml/document/src/nsXMLDocument.cpp
+++ b/mozilla/content/xml/document/src/nsXMLDocument.cpp
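Review bot: `principal->IsCapabilityEnabled(capability, annotation, result)` still writes straight into the caller's out-param, so the `if (NS_FAILED(rv)) return rv;` exit after it returns whatever the callee left in `*result`, while every other exit now relies on the `*result = PR_FALSE` set before the loop. Whether the callee can set it before failing is not visible here; a local would make the default-deny invariant hold regardless: `PRBool enabled = PR_FALSE; rv = principal->IsCapabilityEnabled(capability, annotation, &enabled);` with `*result = PR_TRUE` assigned only on success. The new principal comparison also runs only for frames that have a principal, because `if (!principal) continue;` precedes it; a comment stating that principal-less frames are deliberately skipped rather than ending the walk would help the next reader. The loop and the function start in the previous hunk.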
@@ -326,7 +326,7 @@ nsXMLDocument::Load(const nsAReadableString& aUrl)
 // Get security manager, check to see if we're allowed to load this URI
 NS_WITH_SERVICE(nsIScriptSecurityManager, secMan, NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
 if (NS_FAILED(rv)) return rv;
- if (NS_FAILED(secMan->CheckLoadURIFromScript(nsnull, uri)))
+ if (NS_FAILED(secMan->CheckConnect(nsnull, uri, "XMLDocument", "load")))
 return NS_ERROR_FAILURE;
 // Partial Reset
diff --git a/mozilla/xpfe/communicator/resources/content/contentAreaUtils.js b/mozilla/xpfe/communicator/resources/content/contentAreaUtils.js
index b4b8c422327..8b1440ad732 100644
--- a/mozilla/xpfe/communicator/resources/content/contentAreaUtils.js
+++ b/mozilla/xpfe/communicator/resources/content/contentAreaUtils.js
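Review bot: The `CheckConnect` result in nsXMLDocument::Load is collapsed to `NS_ERROR_FAILURE`, so a caller cannot tell a security denial from any other load failure. Keeping the code from the security manager would preserve that: `rv = secMan->CheckConnect(nsnull, uri, "XMLDocument", "load");` followed by `if (NS_FAILED(rv)) return rv;`. Passing `nsnull` also relies on CheckConnect finding the current context itself and allowing the load when there is none, which deserves a short comment at this call. The rest of Load is outside the hunk.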
@@ -37,23 +37,26 @@
 return false;
 }
- function openNewWindowWith(url) {
-
+ function urlSecurityCheck(url, doc) {
 // URL Loading Security Check
- var focusedWindow = document.commandDispatcher.focusedWindow;
- var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : window._content.location.href;
-
+ var focusedWindow = doc.commandDispatcher.focusedWindow;
+ var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : focusedWindow._content.location.href;
 const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
 var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService().
- QueryInterface(nsIScriptSecurityManager);
- try {
+ QueryInterface(nsIScriptSecurityManager);
+ try {
 secMan.checkLoadURIStr(sourceWin, url, nsIScriptSecurityManager.STANDARD);
 } catch (e) {
- throw "Load of " + url + " denied.";
+ throw "Load of " + url + " denied.";
 }
+ }
+
+ function openNewWindowWith(url) {
+
+ urlSecurityCheck(url, document);
 var newWin;
 var wintype = document.firstChild.getAttribute('windowtype');
-
+
 // if and only if the current window is a browser window and it has a document with a character
 // set, then extract the current charset menu setting from the current document and use it to
 // initialize the new browser window...
diff --git a/mozilla/xpfe/communicator/resources/content/nsContextMenu.js b/mozilla/xpfe/communicator/resources/content/nsContextMenu.js
index 75da833ad26..bc3b56ab0e4 100644
--- a/mozilla/xpfe/communicator/resources/content/nsContextMenu.js
+++ b/mozilla/xpfe/communicator/resources/content/nsContextMenu.js
@@ -427,6 +427,7 @@ nsContextMenu.prototype = {
 },
 // Edit linked-to URL in a new window.
 editLink : function () {
+ urlSecurityCheck( this.linkURL(), window.document );
 editPage( this.linkURL(), window, false );
 },
 // Reload clicked-in frame.
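Review bot: `urlSecurityCheck` derives the source URL from whichever window has focus (`doc.commandDispatcher.focusedWindow`), not from the document that holds the link, so the check may run against a different origin than the one requesting the load whenever the two differ. Now that this is a shared helper it needs a header comment stating that assumption, along the lines of `// Throws if the focused content window's URL may not load |url|; the source is taken from focus, not from the link's document`. The `catch (e)` also drops the security manager's exception and rethrows a bare string that always says "Load of", even on the edit path.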
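Review bot: `editLink` calls `this.linkURL()` twice, once for the check and once for `editPage`, so the URL that is checked is not guaranteed to be the one that is opened; `var url = this.linkURL();` with `urlSecurityCheck( url, window.document );` and `editPage( url, window, false );` keeps them identical. The check is also removed from `editPage` itself in utilityOverlay.js, which makes it opt-in: any other `editPage` caller, not visible in this diff, now opens the editor without it. The object literal continues outside the hunk.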
diff --git a/mozilla/xpfe/communicator/resources/content/utilityOverlay.js b/mozilla/xpfe/communicator/resources/content/utilityOverlay.js
index c95098c03e1..af6521597f4 100644
--- a/mozilla/xpfe/communicator/resources/content/utilityOverlay.js
+++ b/mozilla/xpfe/communicator/resources/content/utilityOverlay.js
@@ -332,20 +332,6 @@ function editPage(url, launchWindow, delay)
 }
 }
- // URL Loading Security Check
- var focusedWindow = launchWindow.document.commandDispatcher.focusedWindow;
- var sourceWin = isDocumentFrame(focusedWindow) ? focusedWindow.location.href : focusedWindow._content.location.href;
-
- const nsIScriptSecurityManager = Components.interfaces.nsIScriptSecurityManager;
- var secMan = Components.classes["@mozilla.org/scriptsecuritymanager;1"].getService().
- QueryInterface(nsIScriptSecurityManager);
- try {
- secMan.checkLoadURIStr(sourceWin, url, nsIScriptSecurityManager.STANDARD);
- } catch (e) {
- throw "Edit of " + url + " denied.";
- }
-
-
 var windowManager = Components.classes['@mozilla.org/rdf/datasource;1?name=window-mediator'].getService();
 if (!windowManager) return;
 var windowManagerInterface = windowManager.QueryInterface( Components.interfaces.nsIWindowMediator);