diff --git a/js/src/jit-test/tests/auto-regress/bug1147907.js b/js/src/jit-test/tests/auto-regress/bug1147907.js
new file mode 100644
index 00000000000..93c1920d4e9
--- /dev/null
+++ b/js/src/jit-test/tests/auto-regress/bug1147907.js
@@ -0,0 +1,13 @@
+var evalInFrame = (function (global) {
+ var dbgGlobal = newGlobal();
+ var dbg = new dbgGlobal.Debugger();
+ return function evalInFrame(upCount, code) {
+ dbg.addDebuggee(global);
+ var frame = dbg.getNewestFrame().older;
+ var completion = frame.eval(code);
+ };
+})(this);
+var x = 5;
+let (x = eval("x++")) {
+ evalInFrame(0, ("for (var x = 0; x < 3; ++x) { (function(){})() } "))
+}
diff --git a/js/src/jsfun.cpp b/js/src/jsfun.cpp
index 2ddcf5d5efa..e905094161b 100644
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@@ -2050,7 +2050,14 @@ js::NewFunctionWithProto(ExclusiveContext *cx, Native native,
 newKind = SingletonObject;
 #ifdef DEBUG
 RootedObject nonScopeParent(cx, SkipScopeParent(enclosingDynamicScope));
- MOZ_ASSERT(!nonScopeParent || nonScopeParent == cx->global());
+ // We'd like to assert that nonScopeParent is null-or-global, but
+ // js::ExecuteInGlobalAndReturnScope and debugger eval bits mess that up.
+ // Assert that it's one of those or a debug scope proxy or the unqualified
+ // var obj, since it should still be ok to parent to the global in that
+ // case.
+ MOZ_ASSERT(!nonScopeParent || nonScopeParent == cx->global() ||
+ nonScopeParent->is() ||
+ nonScopeParent->isUnqualifiedVarObj());
 #endif
 funobj = NewObjectWithClassProto(cx, &JSFunction::class_, proto, allocKind, newKind); 
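Review bot: The completion value from `frame.eval(code)` is stored in `completion` and never inspected, so if the evaluated loop throws before the inner function is created the test still passes without reaching the function-creation path it presumably exists to exercise. Checking it would close that gap, for example `assertEq(completion !== null && "return" in completion, true);`. The `upCount` parameter is accepted but ignored because `.older` is hard-coded, and the file has no header comment; a one-line comment naming the assertion being regression-tested would tell the next reader why the `let` block and the debugger eval are both required.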
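Review bot: The same multi-clause predicate and five-line comment are now written out twice, in this js::NewFunctionWithProto hunk and again in the js::CloneFunctionObject hunk at -2141, and the removed line shows the two sites had already drifted (this one did not accept the unqualified var obj before). A single DEBUG-only static helper would keep them in step, called as `MOZ_ASSERT(IsAllowedFunctionParent(nonScopeParent, cx->global()));` (the helper name is a suggestion only). The comment's "it should still be ok to parent to the global" gives no reason for the debug scope proxy case; because the check exists only under `#ifdef DEBUG`, one sentence stating why a proxy parent is safe would make the widened invariant auditable for release builds. Both function bodies start and end outside their hunks.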
@@ -2141,10 +2148,12 @@ js::CloneFunctionObject(JSContext *cx, HandleFunction fun, HandleObject parent,
 #ifdef DEBUG
 RootedObject realParent(cx, SkipScopeParent(parent));
 // We'd like to assert that realParent is null-or-global, but
- // js::ExecuteInGlobalAndReturnScope messes that up. Assert that it's one
- // of those or the unqualified var obj, since it should still be ok to
- // parent to the global in that case.
+ // js::ExecuteInGlobalAndReturnScope and debugger eval bits mess that up.
+ // Assert that it's one of those or a debug scope proxy or the unqualified
+ // var obj, since it should still be ok to parent to the global in that
+ // case.
 MOZ_ASSERT(!realParent || realParent == cx->global() ||
+ realParent->is() ||
 realParent->isUnqualifiedVarObj());
 #endif
 JSObject *cloneobj = NewObjectWithClassProto(cx, &JSFunction::class_, cloneProto,