diff --git a/caps/src/nsSecurityManagerFactory.cpp b/caps/src/nsSecurityManagerFactory.cpp
index d3ec46a036bc..86913054d4b3 100644
--- a/caps/src/nsSecurityManagerFactory.cpp
+++ b/caps/src/nsSecurityManagerFactory.cpp
@@ -67,15 +67,6 @@ nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
     JSContext* cx = aScriptContext->GetNativeContext();
     JSObject *global = JS_ObjectToInnerObject(cx, JS_GetGlobalObject(cx));
 
-    // We hide enablePrivilege behind a pref because it has been altered in a
-    // way that makes it fundamentally insecure to use in production. Mozilla
-    // uses this pref during automated testing to support legacy test code that
-    // uses enablePrivilege. If you're not doing test automation, you _must_ not
-    // flip this pref, or you will be exposing all your users to security
-    // vulnerabilities.
-    if (!Preferences::GetBool("security.enablePrivilege.enable_for_tests"))
-        return NS_OK;
-
     /*
      * Find Object.prototype's class by walking up the global object's
      * prototype chain.
@@ -116,6 +107,15 @@ nsSecurityNameSet::InitializeNameSet(nsIScriptContext* aScriptContext)
             return NS_ERROR_FAILURE;
     }
 
+    // We hide enablePrivilege behind a pref because it has been altered in a
+    // way that makes it fundamentally insecure to use in production. Mozilla
+    // uses this pref during automated testing to support legacy test code that
+    // uses enablePrivilege. If you're not doing test automation, you _must_ not
+    // flip this pref, or you will be exposing all your users to security
+    // vulnerabilities.
+    if (!Preferences::GetBool("security.enablePrivilege.enable_for_tests"))
+        return NS_OK;
+
     /* Define PrivilegeManager object with the necessary "static" methods. */
     obj = JS_DefineObject(cx, securityObj, "PrivilegeManager", objectClass,
                           nullptr, 0);