diff --git a/lib/nss/nssinit.c b/lib/nss/nssinit.c
--- a/lib/nss/nssinit.c
+++ b/lib/nss/nssinit.c
@@ -621,16 +621,31 @@ nss_Init(const char *configdir, const ch
 		initParams->minPWLen);
 	    if (configStrings == NULL) {
 		PORT_SetError(SEC_ERROR_NO_MEMORY);
 		goto loser;
 	    }
 	    configName = initParams->libraryDescription;
 	    passwordRequired = initParams->passwordRequired;
 	}
+
+	/* If we're NSS_ContextInit, we're probably a library. It could be
+	 * possible that the application initialized NSS then forked(). The
+	 * library would have no knowledge of that. If we call 
+	 * SECMOD_RestartModules() here, we will be able to continue on with
+	 * NSS as normal. SECMOD_RestartModules() does have the side affect
+	 * of losing all our PKCS #11 objects in the new process, but only if
+	 * the module needs to be reinited. If it needs to be reinit those
+	 * objects are inaccessible anyway, it it's always save to call
+	 * SECMOD_RestartModules(PR_FALSE).
+	 */
+	/* NOTE: We could call SECMOD_Init() here, but if we aren't already
+	 * inited, then there's no modules to restart, so SECMOD_RestartModules
+	 * will return immediately */
+	SECMOD_RestartModules(PR_FALSE);
     } else {
 	configStrings = pk11_config_strings;
 	configName = pk11_config_name;
 	passwordRequired = pk11_password_required;
     }
 
     /* Skip the module init if we are already initted and we are trying
      * to init with noCertDB and noModDB */