--- a/accessible/ipc/win/handler/AccessibleHandler.cpp
+++ b/accessible/ipc/win/handler/AccessibleHandler.cpp
@@ -12,16 +12,17 @@
 
 #include "AccessibleHandler.h"
 #include "AccessibleHandlerControl.h"
 #include "AccessibleTextTearoff.h"
 
 #include "Factory.h"
 #include "HandlerData.h"
 #include "mozilla/ArrayUtils.h"
+#include "mozilla/a11y/HandlerDataCleanup.h"
 #include "mozilla/mscom/Registration.h"
 #include "mozilla/UniquePtr.h"
 
 #include <objbase.h>
 #include <uiautomation.h>
 #include <winreg.h>
 
 #include "AccessibleHypertext.h"
@@ -80,16 +81,18 @@ AccessibleHandler::AccessibleHandler(IUn
     return;
   }
 
   mCacheGen = ctl->GetCacheGen();
 }
 
 AccessibleHandler::~AccessibleHandler()
 {
+  // No need to zero memory, since we're being destroyed anyway.
+  CleanupDynamicIA2Data(mCachedData.mDynamicData, false);
   if (mCachedData.mGeckoBackChannel) {
     mCachedData.mGeckoBackChannel->Release();
   }
 }
 
 HRESULT
 AccessibleHandler::ResolveIA2()
 {
@@ -314,16 +317,19 @@ AccessibleHandler::ReadHandlerPayload(IS
   // interfaces are available. Therefore, deserialize into a temporary struct
   // and update mCachedData only after deserialization completes.
   // The decoding functions can misbehave if their target memory is not zeroed
   // beforehand, so ensure we do that.
   IA2Payload newData{};
   if (!deserializer.Read(&newData, &IA2Payload_Decode)) {
     return E_FAIL;
   }
+  // Clean up the old data.
+  // No need to zero memory, since we're about to completely replace this.
+  CleanupDynamicIA2Data(mCachedData.mDynamicData, false);
   mCachedData = newData;
 
   // These interfaces have been aggregated into the proxy manager.
   // The proxy manager will resolve these interfaces now on QI,
   // so we can release these pointers.
   // However, we don't null them out because we use their presence
   // to determine whether the interface is available
   // so as to avoid pointless cross-proc QI calls returning E_NOINTERFACE.