diff -up mozilla-aurora/security/sandbox/linux/broker/SandboxBroker.cpp.build-sandbox mozilla-aurora/security/sandbox/linux/broker/SandboxBroker.cpp
--- mozilla-aurora/security/sandbox/linux/broker/SandboxBroker.cpp.build-sandbox	2015-12-16 16:47:02.000000000 +0100
+++ mozilla-aurora/security/sandbox/linux/broker/SandboxBroker.cpp	2016-01-21 15:34:59.168878105 +0100
@@ -201,7 +201,7 @@ AllowAccess(int aReqFlags, int aPerms)
 // on this process.  These shouldn't be relevant to the child process
 // in any case due to the sandboxing restrictions on it.  (See also
 // the use of MSG_CMSG_CLOEXEC in SandboxBrokerCommon.cpp).
-static const int kRequiredOpenFlags = O_CLOEXEC | O_NOCTTY;
+static const int kRequiredOpenFlags = O_NOCTTY;
 
 // Linux originally assigned a flag bit to O_SYNC but implemented the
 // semantics standardized as O_DSYNC; later, that bit was renamed and
@@ -212,7 +212,7 @@ static const int kRequiredOpenFlags = O_
 static const int kAllowedOpenFlags =
   O_APPEND | O_ASYNC | O_DIRECT | O_DIRECTORY | O_EXCL | O_LARGEFILE
   | O_NOATIME | O_NOCTTY | O_NOFOLLOW | O_NONBLOCK | O_NDELAY | O_SYNC_NEW
-  | O_TRUNC | O_CLOEXEC | O_CREAT;
+  | O_TRUNC | O_CREAT;
 #undef O_SYNC_NEW
 
 static bool
@@ -358,6 +358,7 @@ SandboxBroker::ThreadMain(void)
           // new ones).
           openedFd = open(pathBuf, req.mFlags | kRequiredOpenFlags, 0600);
           if (openedFd >= 0) {
+            fcntl(openedFd, F_SETFD, fcntl(openedFd, F_GETFD, 0) | FD_CLOEXEC);
             resp.mError = 0;
           } else {
             resp.mError = errno;
diff -up mozilla-aurora/security/sandbox/linux/SandboxBrokerClient.cpp.build-sandbox mozilla-aurora/security/sandbox/linux/SandboxBrokerClient.cpp
--- mozilla-aurora/security/sandbox/linux/SandboxBrokerClient.cpp.build-sandbox	2016-01-21 15:48:55.807532739 +0100
+++ mozilla-aurora/security/sandbox/linux/SandboxBrokerClient.cpp	2016-01-21 15:49:26.163518779 +0100
@@ -149,9 +149,10 @@ SandboxBrokerClient::Open(const char* aP
   int maybeFd = DoCall(&req, aPath, nullptr, true);
   if (maybeFd >= 0) {
     // NSPR has opinions about file flags.  Fix O_CLOEXEC.
-    if ((aFlags & O_CLOEXEC) == 0) {
-      fcntl(maybeFd, F_SETFD, 0);
-    }
+    // O_CLOEXEC is not available in RHEL5
+    //if ((aFlags & O_CLOEXEC) == 0) {
+    //  fcntl(maybeFd, F_SETFD, 0);
+    //}
   }
   return maybeFd;
 }