diff --git a/js/ipc/JavaScriptChild.cpp b/js/ipc/JavaScriptChild.cpp
index 71cb5dc0743f..dcc02aff883f 100644
--- a/js/ipc/JavaScriptChild.cpp
+++ b/js/ipc/JavaScriptChild.cpp
@@ -251,13 +251,18 @@ JavaScriptChild::AnswerDefineProperty(const ObjectId &objId, const nsString &id,
     if (!convertGeckoStringToId(cx, id, &internedId))
         return fail(cx, rs);
 
-    JSPropertyDescriptor desc;
-    if (!toDescriptor(cx, descriptor, &desc))
+    Rooted<JSPropertyDescriptor> desc(cx);
+    if (!toDescriptor(cx, descriptor, desc.address()))
         return false;
 
-    RootedValue v(cx, desc.value);
-    if (!js::CheckDefineProperty(cx, obj, internedId, v, desc.getter, desc.setter, desc.attrs) ||
-        !JS_DefinePropertyById(cx, obj, internedId, v, desc.getter, desc.setter, desc.attrs))
+    if (!js::CheckDefineProperty(cx, obj, internedId, desc.value(), desc.getter(),
+                                 desc.setter(), desc.attributes()))
+    {
+        return fail(cx, rs);
+    }
+
+    if (!JS_DefinePropertyById(cx, obj, internedId, desc.value(), desc.getter(),
+                               desc.setter(), desc.attributes()))
     {
         return fail(cx, rs);
     }
diff --git a/js/ipc/JavaScriptShared.cpp b/js/ipc/JavaScriptShared.cpp
index a9e5ef84d154..eba5be5bff4c 100644
--- a/js/ipc/JavaScriptShared.cpp
+++ b/js/ipc/JavaScriptShared.cpp
@@ -375,16 +375,18 @@ JavaScriptShared::toDescriptor(JSContext *cx, const PPropertyDescriptor &in, JSP
     out->shortid = in.shortid();
     if (!toValue(cx, in.value(), &out->value))
         return false;
-    if (!unwrap(cx, in.objId(), &out->obj))
+    Rooted<JSObject*> obj(cx);
+    if (!unwrap(cx, in.objId(), &obj))
         return false;
+    out->obj = obj;
 
     if (!in.getter()) {
         out->getter = NULL;
     } else if (in.attrs() & JSPROP_GETTER) {
-        JSObject *getter;
+        Rooted<JSObject*> getter(cx);
         if (!unwrap(cx, in.getter(), &getter))
             return false;
-        out->getter = JS_DATA_TO_FUNC_PTR(JSPropertyOp, getter);
+        out->getter = JS_DATA_TO_FUNC_PTR(JSPropertyOp, getter.get());
     } else {
         if (in.getter() == DefaultPropertyOp)
             out->getter = JS_PropertyStub;
@@ -395,10 +397,10 @@ JavaScriptShared::toDescriptor(JSContext *cx, const PPropertyDescriptor &in, JSP
     if (!in.setter()) {
         out->setter = NULL;
     } else if (in.attrs() & JSPROP_SETTER) {
-        JSObject *setter;
+        Rooted<JSObject*> setter(cx);
         if (!unwrap(cx, in.setter(), &setter))
             return false;
-        out->setter = JS_DATA_TO_FUNC_PTR(JSStrictPropertyOp, setter);
+        out->setter = JS_DATA_TO_FUNC_PTR(JSStrictPropertyOp, setter.get());
     } else {
         if (in.setter() == DefaultPropertyOp)
             out->setter = JS_StrictPropertyStub;
diff --git a/js/ipc/JavaScriptShared.h b/js/ipc/JavaScriptShared.h
index ea76d05d7b34..1685915179a6 100644
--- a/js/ipc/JavaScriptShared.h
+++ b/js/ipc/JavaScriptShared.h
@@ -112,14 +112,14 @@ class JavaScriptShared
     virtual bool makeId(JSContext *cx, JSObject *obj, ObjectId *idp) = 0;
     virtual JSObject *unwrap(JSContext *cx, ObjectId id) = 0;
 
-    bool unwrap(JSContext *cx, ObjectId id, JSObject **objp) {
+    bool unwrap(JSContext *cx, ObjectId id, JS::MutableHandle<JSObject*> objp) {
         if (!id) {
-            *objp = NULL;
+            objp.set(NULL);
             return true;
         }
 
-        *objp = unwrap(cx, id);
-        return !!*objp;
+        objp.set(unwrap(cx, id));
+        return bool(objp.get());
     }
 
     static void ConvertID(const nsID &from, JSIID *to);