diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 06dfc9cf8023..82a59db83f69 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -3874,7 +3874,7 @@ nsBrowserStatusHandler.prototype =
       this.securityButton.removeAttribute("label");
 
     this.securityButton.setAttribute("tooltiptext", this._tooltipText);
-    getIdentityHandler().checkIdentity(this._state, this._host);
+    getIdentityHandler().checkIdentity(this._state, gBrowser.contentWindow.location);
   },
 
   // simulate all change notifications after switching tabs
@@ -5984,9 +5984,9 @@ IdentityHandler.prototype = {
   IDENTITY_MODE_DOMAIN_VERIFIED  : "verifiedDomain",   // Minimal SSL CA-signed domain verification
   IDENTITY_MODE_UNKNOWN          : "unknownIdentity",  // No trusted identity information
 
-  // Cache the most recently seen SSLStatus and URI to prevent unnecessary updates
+  // Cache the most recent SSLStatus and Location seen in checkIdentity
   _lastStatus : null,
-  _lastHost : null,
+  _lastLocation : null,
 
   /**
    * Build out a cache of the elements that we need frequently.
@@ -6051,14 +6051,14 @@ IdentityHandler.prototype = {
    * be called by onSecurityChange
    * 
    * @param PRUint32 state
-   * @param AUTF8String host
+   * @param Location location
    */
-  checkIdentity : function(state, host) {
+  checkIdentity : function(state, location) {
     var currentStatus = gBrowser.securityUI
                                 .QueryInterface(Components.interfaces.nsISSLStatusProvider)
                                 .SSLStatus;
     this._lastStatus = currentStatus;
-    this._lastHost = host;
+    this._lastLocation = location;
     
     if (state & Components.interfaces.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL)
       this.setMode(this.IDENTITY_MODE_IDENTIFIED);
@@ -6068,6 +6068,23 @@ IdentityHandler.prototype = {
       this.setMode(this.IDENTITY_MODE_UNKNOWN);
   },
   
+  /**
+   * Return the eTLD+1 version of the current hostname
+   */
+  getEffectiveHost : function() {
+    // Cache the eTLDService if this is our first time through
+    if (!this._eTLDService)
+      this._eTLDService = Cc["@mozilla.org/network/effective-tld-service;1"]
+                         .getService(Ci.nsIEffectiveTLDService);
+    try {
+      return this._eTLDService.getBaseDomainFromHost(this._lastLocation.hostname);
+    } catch (e) {
+      // If something goes wrong (e.g. hostname is an IP address) just fail back
+      // to the full domain.
+      return this._lastLocation.hostname;
+    }
+  },
+  
   /**
    * Update the UI to reflect the specified mode, which should be one of the
    * IDENTITY_MODE_* constants.
@@ -6106,24 +6123,15 @@ IdentityHandler.prototype = {
       var icon_label = "";
       switch (gPrefService.getIntPref("browser.identity.ssl_domain_display")) {
         case 2 : // Show full domain
-          icon_label = this._lastHost;
+          icon_label = this._lastLocation.hostname;
           break;
-        case 1 : // Show eTLD.  Cache eTLD service the first time we need it.
-          if (!this._eTLDService)
-            this._eTLDService = Cc["@mozilla.org/network/effective-tld-service;1"]
-                                .getService(Ci.nsIEffectiveTLDService);
-          try {
-            icon_label = this._eTLDService.getBaseDomainFromHost(this._lastHost);
-          } catch (e) {
-            // If something goes wrong (e.g. _lastHost is an IP address) just fail back
-            // to the full domain.
-            icon_label = this._lastHost;
-          }
+        case 1 : // Show eTLD.
+          icon_label = this.getEffectiveHost();
       }
       
       // We need a port number for all lookups.  If one hasn't been specified, use
       // the https default
-      var lookupHost = this._lastHost;
+      var lookupHost = this._lastLocation.host;
       if (lookupHost.indexOf(':') < 0)
         lookupHost += ":443";
 
@@ -6178,21 +6186,10 @@ IdentityHandler.prototype = {
     // Initialize the optional strings to empty values
     var supplemental = "";
     var verifier = "";
-      
-    // Cache eTLD service if we haven't yet
-    if (!this._eTLDService)
-      this._eTLDService = Cc["@mozilla.org/network/effective-tld-service;1"]
-                          .getService(Ci.nsIEffectiveTLDService);
     
     if (newMode == this.IDENTITY_MODE_DOMAIN_VERIFIED) {
       var iData = this.getIdentityData();
-
-      try {
-        var host = this._eTLDService.getBaseDomainFromHost(this._lastHost);
-      } catch (e) {
-        // Fail back to the full domain.
-        host = this._lastHost;
-      }
+      var host = this.getEffectiveHost();
       var owner = this._stringBundle.getString("identity.ownerUnknown2");
       verifier = this._identityBox.tooltipText;
       supplemental = "";
@@ -6200,13 +6197,7 @@ IdentityHandler.prototype = {
     else if (newMode == this.IDENTITY_MODE_IDENTIFIED) {
       // If it's identified, then we can populate the dialog with credentials
       iData = this.getIdentityData();
-
-      try {
-        host = this._eTLDService.getBaseDomainFromHost(this._lastHost);
-      } catch (e) {
-        // Fail back to the full domain.
-        host = this._lastHost;
-      }
+      host = this.getEffectiveHost();
       owner = iData.subjectOrg; 
       verifier = this._identityBox.tooltipText;
 
diff --git a/browser/base/content/test/Makefile.in b/browser/base/content/test/Makefile.in
index cd0047826021..fbae5dca52d2 100644
--- a/browser/base/content/test/Makefile.in
+++ b/browser/base/content/test/Makefile.in
@@ -53,6 +53,7 @@ _BROWSER_FILES = browser_bug321000.js \
                  browser_bug405137.js \
                  browser_bug409481.js \
                  browser_autodiscovery.js \
+                 browser_bug420160.js \
                  autodiscovery.html \
                  moz.png \
                  browser_getshortcutoruri.js \
diff --git a/browser/base/content/test/browser_bug420160.js b/browser/base/content/test/browser_bug420160.js
new file mode 100644
index 000000000000..a97e2e6fb094
--- /dev/null
+++ b/browser/base/content/test/browser_bug420160.js
@@ -0,0 +1,50 @@
+var listener = {
+  testFunction : null,
+  
+  handleEvent : function (e) {
+    this.testFunction();
+  }
+}
+
+var newBrowser;
+
+/* Tests for correct behaviour of getEffectiveHost on identity handler */
+function test() {
+  
+  waitForExplicitFinish();
+  
+  ok(getIdentityHandler(), "getIdentityHandler should return a result");
+  ok(gIdentityHandler, "gIdentityHandler should exist");
+  
+  var newTab = gBrowser.addTab();
+  gBrowser.selectedTab = newTab;
+  newBrowser = gBrowser.getBrowserForTab(newTab);
+  
+  newBrowser.addEventListener("load", listener, true);
+  listener.testFunction = testNormalDomain;  
+  newBrowser.contentWindow.location = 'http://test1.example.org/';
+}
+
+function testNormalDomain() {
+  is(gIdentityHandler._lastLocation.host, 'test1.example.org', "Identity handler is getting the full location");
+  is(gIdentityHandler.getEffectiveHost(), 'example.org', "getEffectiveHost should return example.org for test1.example.org");
+  
+  listener.testFunction = testNormalDomainWithPort;
+  newBrowser.contentWindow.location = 'http://sub1.test1.example.org:8000/';
+}
+
+function testNormalDomainWithPort() {
+
+  is(gIdentityHandler._lastLocation.host, 'sub1.test1.example.org:8000', "Identity handler is getting port information");
+  is(gIdentityHandler.getEffectiveHost(), 'example.org', "getEffectiveHost should return example.org for sub1.test1.example.org:8000");
+  
+  listener.testFunction = testIPWithPort;
+  newBrowser.contentWindow.location = 'http://127.0.0.1:8888/';
+}
+
+function testIPWithPort() {
+  is(gIdentityHandler.getEffectiveHost(), '127.0.0.1', "getEffectiveHost should return 127.0.0.1 for 127.0.0.1:8888");
+  newBrowser.removeEventListener("load", listener, true);
+  gBrowser.removeCurrentTab();
+  finish();
+}