diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp
index bb4bf3d998e..3a7d903e212 100644
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -3325,6 +3325,41 @@ nsScriptSecurityManager::Observe(nsISupports* aObject, const char* aTopic,
 return rv;
 }
 
+///////////////////////////////////
+// Default ObjectPrincipalFinder //
+///////////////////////////////////
+
+// The default JSSecurityCallbacks::findObjectPrincipals is necessary since
+// scripts run (and ask for object principals) during startup before
+// nsJSRuntime::Init() has been called (which resets findObjectPrincipals).
+
+// Defined NS_EXPORT for linkage with debug-only assert in xpcshell
+NS_EXPORT JSPrincipals *
+NS_DefaultObjectPrincipalFinder(JSContext *cx, JSObject *obj)
+{
+ nsScriptSecurityManager *ssm = nsScriptSecurityManager::GetScriptSecurityManager();
+ if (!ssm) {
+ return nsnull;
+ }
+
+ nsCOMPtr principal;
+ nsresult rv = ssm->GetObjectPrincipal(cx, obj, getter_AddRefs(principal));
+ if (NS_FAILED(rv) || !principal) {
+ return nsnull;
+ }
+
+ JSPrincipals *jsPrincipals = nsnull;
+ principal->GetJSPrincipals(cx, &jsPrincipals);
+
+ // nsIPrincipal::GetJSPrincipals() returns a strong reference to the
+ // JS principals, but the caller of this function expects a weak
+ // reference. So we need to release here.
+
+ JSPRINCIPALS_DROP(cx, jsPrincipals);
+
+ return jsPrincipals;
+}
+
 /////////////////////////////////////////////
 // Constructor, Destructor, Initialization //
 /////////////////////////////////////////////
@@ -3397,7 +3432,7 @@ nsresult nsScriptSecurityManager::Init()
 static JSSecurityCallbacks securityCallbacks = {
 CheckObjectAccess,
 NULL,
- NULL,
+ NS_DefaultObjectPrincipalFinder,
 ContentSecurityPolicyPermitsJSAction
 };
 
diff --git a/js/src/xpconnect/shell/xpcshell.cpp b/js/src/xpconnect/shell/xpcshell.cpp
index 2623fb7c76e..935f5adffca 100644
--- a/js/src/xpconnect/shell/xpcshell.cpp
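Review bot: The result of `principal->GetJSPrincipals(cx, &jsPrincipals)` is ignored in NS_DefaultObjectPrincipalFinder, so on failure `jsPrincipals` is still `nsnull` when it reaches `JSPRINCIPALS_DROP`; the macro's definition is not on this page, but a reference-count drop on a null pointer would presumably dereference it. I would guard the call the way the `GetObjectPrincipal` call above it is guarded: `if (NS_FAILED(principal->GetJSPrincipals(cx, &jsPrincipals)) || !jsPrincipals) return nsnull;`. The function also returns the pointer after dropping its own reference, so the comment should name what keeps the JSPrincipals alive for the caller (presumably the nsIPrincipal that owns it), because a dangling principal pointer handed to a security callback would be a memory-safety problem.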
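Review bot: The `securityCallbacks` initializer in nsScriptSecurityManager::Init() is positional, so the new entry only lands in `findObjectPrincipals` for as long as the field order of JSSecurityCallbacks (not shown on this page) stays the same. A trailing comment per slot, for example `NS_DefaultObjectPrincipalFinder, // findObjectPrincipals`, would make the mapping checkable by eye and would also label the `NULL` that remains. Init() starts and ends outside this hunk.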
+++ b/js/src/xpconnect/shell/xpcshell.cpp
@@ -1750,6 +1750,10 @@ FindObjectPrincipals(JSContext *cx, JSObject *obj)
 return gJSPrincipals;
 }
 
+// defined in nsScriptSecurityManager.cpp
+NS_IMPORT JSPrincipals *
+NS_DefaultObjectPrincipalFinder(JSContext *cx, JSObject *obj);
+
 int
 main(int argc, char **argv, char **envp)
 {
@@ -1903,7 +1907,7 @@ main(int argc, char **argv, char **envp)
 
 JSSecurityCallbacks *cb = JS_GetRuntimeSecurityCallbacks(rt);
 NS_ASSERTION(cb, "We are assuming that nsScriptSecurityManager::Init() has been run");
- NS_ASSERTION(!cb->findObjectPrincipals, "Your pigeon is in my hole!");
+ NS_ASSERTION(cb->findObjectPrincipals == NS_DefaultObjectPrincipalFinder, "Your pigeon is in my hole!");
 cb->findObjectPrincipals = FindObjectPrincipals;
 
 #ifdef TEST_TranslateThis
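Review bot: The prototype for `NS_DefaultObjectPrincipalFinder` is copied by hand into xpcshell.cpp rather than coming from a header shared with nsScriptSecurityManager.cpp, so the two can drift; a changed return type in particular would not be caught at compile time. The only use visible in this diff is inside an `NS_ASSERTION`, which the comment in the first file calls debug-only, so the comment here should say so, e.g. `// Defined in nsScriptSecurityManager.cpp; referenced only by the debug assertion in main().` If a shared header is available to both files, declaring the function there would be the sturdier fix.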
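Review bot: The message on the changed assertion, "Your pigeon is in my hole!", does not tell whoever hits it what was expected; now that the check compares against a specific function it could read `"findObjectPrincipals should still be NS_DefaultObjectPrincipalFinder here"`. Because the first file describes this assertion as debug-only, the overwrite on the next line, `cb->findObjectPrincipals = FindObjectPrincipals;`, presumably runs unchecked in other builds. A one-line comment saying that xpcshell deliberately replaces the default finder with its own would make that intent explicit. main() continues outside this hunk.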