diff -Nru ubuntu-release-upgrader-16.04.24/debian/changelog ubuntu-release-upgrader-16.04.25/debian/changelog
--- ubuntu-release-upgrader-16.04.24/debian/changelog	2018-02-21 01:08:07.000000000 +0000
+++ ubuntu-release-upgrader-16.04.25/debian/changelog	2018-04-09 14:02:27.000000000 +0000
@@ -1,3 +1,9 @@
+ubuntu-release-upgrader (1:16.04.25) xenial-security; urgency=medium
+
+  * Properly drop permissions when opening a browser. (LP: #1174007)
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 09 Apr 2018 10:01:24 -0400
+
 ubuntu-release-upgrader (1:16.04.24) xenial; urgency=medium
 
   * data/mirrors.cfg: Update mirrors for removals and additions.
diff -Nru ubuntu-release-upgrader-16.04.24/DistUpgrade/ReleaseNotesViewer.py ubuntu-release-upgrader-16.04.25/DistUpgrade/ReleaseNotesViewer.py
--- ubuntu-release-upgrader-16.04.24/DistUpgrade/ReleaseNotesViewer.py	2016-07-22 15:47:47.000000000 +0000
+++ ubuntu-release-upgrader-16.04.25/DistUpgrade/ReleaseNotesViewer.py	2018-04-09 14:02:12.000000000 +0000
@@ -44,6 +44,9 @@
     # Avoid to run the browser as user root
     if os.getuid() == 0 and 'SUDO_USER' in os.environ:
         command = ['sudo', '-u', os.environ['SUDO_USER']] + command
+    elif os.getuid() == 0 and 'PKEXEC_UID' in os.environ:
+        command = ['sudo', '-H', '-u',
+                   '#' + os.environ['PKEXEC_UID']] + command
     subprocess.Popen(command)