diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index f46ee16c421..17ee5ee76c2 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -715,12 +715,34 @@ pref("gecko.handlerService.schemes.ircs.3.uriTemplate", "chrome://browser-region
 pref("gecko.handlerService.allowRegisterFromDifferentHost", false);
 
 #ifdef MOZ_SAFE_BROWSING
+// Safe browsing does nothing unless this pref is set
 pref("browser.safebrowsing.enabled", true);
+
+// Prevent loading of pages identified as malware
 pref("browser.safebrowsing.malware.enabled", true);
+
+// Debug logging to error console
 pref("browser.safebrowsing.debug", false);
 
+// Non-enhanced mode (local url lists) URL list to check for updates
+pref("browser.safebrowsing.provider.0.updateURL", "http://safebrowsing.clients.google.com/safebrowsing/downloads?client={moz:client}&appver={moz:version}&pver=2.2");
+
 pref("browser.safebrowsing.dataProvider", 0);
+
+// Does the provider name need to be localizable?
 pref("browser.safebrowsing.provider.0.name", "Google");
+pref("browser.safebrowsing.provider.0.keyURL", "https://sb-ssl.google.com/safebrowsing/newkey?client={moz:client}&appver={moz:version}&pver=2.2");
+pref("browser.safebrowsing.provider.0.reportURL", "http://safebrowsing.clients.google.com/safebrowsing/report?");
+pref("browser.safebrowsing.provider.0.gethashURL", "http://safebrowsing.clients.google.com/safebrowsing/gethash?client={moz:client}&appver={moz:version}&pver=2.2");
+
+// HTML report pages
+pref("browser.safebrowsing.provider.0.reportGenericURL", "http://{moz:locale}.phish-generic.mozilla.com/?hl={moz:locale}");
+pref("browser.safebrowsing.provider.0.reportErrorURL", "http://{moz:locale}.phish-error.mozilla.com/?hl={moz:locale}");
+pref("browser.safebrowsing.provider.0.reportPhishURL", "http://{moz:locale}.phish-report.mozilla.com/?hl={moz:locale}");
+pref("browser.safebrowsing.provider.0.reportMalwareURL", "http://{moz:locale}.malware-report.mozilla.com/?hl={moz:locale}");
+pref("browser.safebrowsing.provider.0.reportMalwareErrorURL", "http://{moz:locale}.malware-error.mozilla.com/?hl={moz:locale}");
+
+// FAQ URLs
 pref("browser.safebrowsing.warning.infoURL", "http://www.mozilla.com/%LOCALE%/firefox/phishing-protection/");
 pref("browser.geolocation.warning.infoURL", "http://www.mozilla.com/%LOCALE%/firefox/geolocation/");
 
diff --git a/browser/components/safebrowsing/Makefile.in b/browser/components/safebrowsing/Makefile.in
index bf0e210afdd..9bb8b3ff56b 100644
--- a/browser/components/safebrowsing/Makefile.in
+++ b/browser/components/safebrowsing/Makefile.in
@@ -13,6 +13,10 @@ include $(DEPTH)/config/autoconf.mk
 
 TEST_DIRS += content/test
 
+ifdef MOZILLA_OFFICIAL
+DEFINES += -DOFFICIAL_BUILD=1
+endif
+
 EXTRA_PP_JS_MODULES = \
   SafeBrowsing.jsm \
   $(NULL)
diff --git a/browser/components/safebrowsing/SafeBrowsing.jsm b/browser/components/safebrowsing/SafeBrowsing.jsm
index 32e9a07726a..f2dc3f7a8aa 100644
--- a/browser/components/safebrowsing/SafeBrowsing.jsm
+++ b/browser/components/safebrowsing/SafeBrowsing.jsm
@@ -13,18 +13,6 @@ Cu.import("resource://gre/modules/Services.jsm");
 const phishingList = "goog-phish-shavar";
 const malwareList  = "goog-malware-shavar";
 
-var urlList = {
-  updateURL:             "http://safebrowsing.clients.google.com/safebrowsing/downloads?client=%SAFEBROWSING_ID%&appver=%VERSION%&pver=2.2",
-  keyURL:                "https://sb-ssl.google.com/safebrowsing/newkey?client=%SAFEBROWSING_ID%&appver=%VERSION%&pver=2.2",
-  reportURL:             "http://safebrowsing.clients.google.com/safebrowsing/report?",
-  gethashURL:            "http://safebrowsing.clients.google.com/safebrowsing/gethash?client=%SAFEBROWSING_ID%&appver=%VERSION%&pver=2.2",
-  reportGenericURL:      "http://%LOCALE%.phish-generic.mozilla.com/?hl=%LOCALE%",
-  reportErrorURL:        "http://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%",
-  reportPhishURL:        "http://%LOCALE%.phish-report.mozilla.com/?hl=%LOCALE%",
-  reportMalwareURL:      "http://%LOCALE%.malware-report.mozilla.com/?hl=%LOCALE%",
-  reportMalwareErrorURL: "http://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%",
-};
-
 var debug = false;
 function log(...stuff) {
   if (!debug)
@@ -37,16 +25,12 @@ function log(...stuff) {
 
 var SafeBrowsing = {
 
-  init: function(customURLs) {
+  init: function() {
     if (this.initialized) {
       log("Already initialized");
       return;
     }
 
-    // Allow tests to specify local urls for testing against a local server.
-    if (customURLs)
-      urlList = customURLs;
-
     Services.prefs.addObserver("browser.safebrowsing", this.readPrefs, false);
     this.readPrefs();
 
@@ -79,6 +63,7 @@ var SafeBrowsing = {
   phishingEnabled: false,
   malwareEnabled:  false,
 
+  provName:              null,
   updateURL:             null,
   keyURL:                null,
   reportURL:             null,
@@ -120,20 +105,57 @@ var SafeBrowsing = {
       return;
     }
 
-    // The following URLs were once prefs, "browser.safebrowsing.provider.0.*"
+    let basePref = "browser.safebrowsing.provider.0.";
+    this.provName = Services.prefs.getCharPref(basePref + "name");
 
     // Urls used to get data from a provider
-    this.updateURL  = Services.urlFormatter.formatURL(urlList["updateURL"]);
-    this.keyURL     = Services.urlFormatter.formatURL(urlList["keyURL"]);
-    this.reportURL  = Services.urlFormatter.formatURL(urlList["reportURL"]);
-    this.gethashURL = Services.urlFormatter.formatURL(urlList["gethashURL"]);
+    this.updateURL  = this.getUrlPref(basePref + "updateURL");
+    this.keyURL     = this.getUrlPref(basePref + "keyURL");
+    this.reportURL  = this.getUrlPref(basePref + "reportURL");
+    this.gethashURL = this.getUrlPref(basePref + "gethashURL");
 
     // Urls to HTML report pages
-    this.reportGenericURL      = Services.urlFormatter.formatURL(urlList["reportGenericURL"]);
-    this.reportErrorURL        = Services.urlFormatter.formatURL(urlList["reportErrorURL"]);
-    this.reportPhishURL        = Services.urlFormatter.formatURL(urlList["reportPhishURL"]);
-    this.reportMalwareURL      = Services.urlFormatter.formatURL(urlList["reportMalwareURL"]);
-    this.reportMalwareErrorURL = Services.urlFormatter.formatURL(urlList["reportMalwareErrorURL"]);
+    this.reportGenericURL      = this.getUrlPref(basePref + "reportGenericURL");
+    this.reportErrorURL        = this.getUrlPref(basePref + "reportErrorURL");
+    this.reportPhishURL        = this.getUrlPref(basePref + "reportPhishURL");
+    this.reportMalwareURL      = this.getUrlPref(basePref + "reportMalwareURL")
+    this.reportMalwareErrorURL = this.getUrlPref(basePref + "reportMalwareErrorURL")
+  },
+
+
+  getUrlPref: function(prefName) {
+    let MOZ_OFFICIAL_BUILD = false;
+#ifdef OFFICIAL_BUILD
+    MOZ_OFFICIAL_BUILD = true;
+#endif
+
+    let url = Services.prefs.getCharPref(prefName);
+
+    let clientName = MOZ_OFFICIAL_BUILD ? "navclient-auto-ffox" : Services.appinfo.name;
+    let clientVersion = Services.appinfo.version;
+
+    // Parameter substitution
+    // XXX: we should instead use nsIURLFormatter here.
+    url = url.replace(/\{moz:locale\}/g,  this.getLocale());
+    url = url.replace(/\{moz:client\}/g,  clientName);
+    url = url.replace(/\{moz:buildid\}/g, Services.appinfo.appBuildID);
+    url = url.replace(/\{moz:version\}/g, clientVersion);
+
+    log(prefName, "is", url);
+    return url;
+  },
+
+
+  getLocale: function() {
+    const localePref = "general.useragent.locale";
+
+    let locale = Services.prefs.getCharPref(localePref);
+    try {
+      // Dumb. This API only works if pref is localized or has a user value.
+      locale = Services.prefs.getComplexValue(localePref, Ci.nsIPrefLocalizedString).data;
+    } catch (e) { }
+
+    return locale;
   },
 
 
diff --git a/toolkit/components/urlformatter/Makefile.in b/toolkit/components/urlformatter/Makefile.in
index b3ef05e3a2d..2781627c27f 100644
--- a/toolkit/components/urlformatter/Makefile.in
+++ b/toolkit/components/urlformatter/Makefile.in
@@ -1,3 +1,4 @@
+#
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
@@ -11,10 +12,6 @@ include $(DEPTH)/config/autoconf.mk
 
 MODULE = urlformatter
 
-ifdef MOZILLA_OFFICIAL
-DEFINES += -DOFFICIAL_BUILD=1
-endif
-
 XPIDLSRCS = \
   nsIURLFormatter.idl \
   $(NULL)
diff --git a/toolkit/components/urlformatter/nsURLFormatter.js b/toolkit/components/urlformatter/nsURLFormatter.js
index 50d0020ef96..686833aa5e6 100644
--- a/toolkit/components/urlformatter/nsURLFormatter.js
+++ b/toolkit/components/urlformatter/nsURLFormatter.js
@@ -24,12 +24,6 @@ const PREF_PARTNER_BRANCH             = "app.partner.";
 const PREF_APP_DISTRIBUTION           = "distribution.id";
 const PREF_APP_DISTRIBUTION_VERSION   = "distribution.version";
 
-#ifdef OFFICIAL_BUILD
-const MOZ_OFFICIAL_BUILD = true;
-#else
-const MOZ_OFFICIAL_BUILD = false;
-#endif
-
 function nsURLFormatterService() {
   XPCOMUtils.defineLazyGetter(this, "appInfo", function UFS_appInfo() {
     return Cc["@mozilla.org/xre/app-info;1"].
@@ -127,8 +121,7 @@ nsURLFormatterService.prototype = {
     OS_VERSION:       function() this.OSVersion,
     CHANNEL:          function() this.updateChannel,
     DISTRIBUTION:     function() this.distribution.id,
-    DISTRIBUTION_VERSION: function() this.distribution.version,
-    SAFEBROWSING_ID:  function() MOZ_OFFICIAL_BUILD ? "navclient-auto-ffox" : this.appInfo.name,
+    DISTRIBUTION_VERSION: function() this.distribution.version
   },
 
   formatURL: function uf_formatURL(aFormat) {