Bug 1425462 Do not use crypto functions if NSS is not initialized draft
authorTom Ritter <tom@mozilla.com>
Fri, 02 Mar 2018 10:05:19 -0600
changeset 762577 0979a1279bca516c2a7c9869ef6f14fab84199e5
parent 762576 f34b14780516f65cfe6b957954a77ec0559bb4ae
child 762670 f7c127bfa28c26db15eb8f22565bc6c2c218c60a
child 762703 b9e7f2535f16a0105957479c0ec497250c76c412
push id101207
push userbmo:tom@mozilla.com
push dateFri, 02 Mar 2018 17:45:38 +0000
bugs1425462
milestone60.0a1
Bug 1425462 Do not use crypto functions if NSS is not initialized. Using them earlier would initialize NSS before it is initialized naturally, which caused nearly every xpcshell test to fail, as well as Marionette. This is safe because we're not going to be doing any web context stuff before NSS is initialized, so anything that winds up here won't be exposed to content and we don't really need to worry about fuzzing its value. MozReview-Commit-ID: KiFSIbjQnN3
toolkit/components/resistfingerprinting/nsRFPService.cpp
--- a/toolkit/components/resistfingerprinting/nsRFPService.cpp
+++ b/toolkit/components/resistfingerprinting/nsRFPService.cpp
@@ -30,16 +30,17 @@
 #include "nsIPrefBranch.h"
 #include "nsIPrefService.h"
 #include "nsIRandomGenerator.h"
 #include "nsIXULAppInfo.h"
 #include "nsIXULRuntime.h"
 #include "nsJSUtils.h"
 
 #include "prenv.h"
+#include "nss.h"
 
 #include "js/Date.h"
 
 using namespace mozilla;
 using namespace std;
 
 #ifdef DEBUG
 static mozilla::LazyLogModule gResistFingerprintingLog("nsResistFingerprinting");
@@ -473,17 +474,23 @@ nsRFPService::ReduceTimePrecisionImpl(
   // constant (e.g. 10s) that are across the zero barrier will no longer work. We need to
   // round consistently towards positive infinity or negative infinity (we chose negative.)
   // This can't be done with a truncation, it must be done with floor.
   long long clamped = floor(double(timeAsInt) / resolutionAsInt) * resolutionAsInt;
 
 
   long long midpoint = 0,
             clampedAndJittered = clamped;
-  if (sJitter) {
+  // RandomMidpoint uses crypto functions from NSS. But we wind up in this code _very_ early
+  // on in and we don't want to initialize NSS earlier than it would be initialized naturally.
+  // Doing so caused nearly every xpcshell test to fail, as well as Marionette.
+  // This is safe, because we're not going to be doing any web context stuff before NSS is
+  // initialized, so anything that winds up here won't be exposed to content so we don't
+  // really need to worry about fuzzing its value.
+  if (sJitter && NSS_IsInitialized()) {
     if(!NS_FAILED(RandomMidpoint(clamped, resolutionAsInt, &midpoint)) &&
        timeAsInt >= clamped + midpoint) {
       clampedAndJittered += resolutionAsInt;
     }
   }
 
   // Cast it back to a double and reduce it to the correct units.
   double ret = double(clampedAndJittered) / (1000000.0 / aTimeScale);
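Review bot: The new `sJitter && NSS_IsInitialized()` guard fails open without leaving any trace: when NSS is not yet initialized the timestamp is returned clamped but unjittered, and the only thing backing the "won't be exposed to content" claim is the comment. Nothing in the hunk enforces or records that invariant, so if an early value were ever cached or forwarded to content it would quietly lose the jitter protection (the clamp still reduces precision, so the degradation is bounded). I would make the skipped case observable, for example an `else if (sJitter)` branch that logs through the file's `gResistFingerprintingLog` (declared under `#ifdef DEBUG` in the first hunk), and add `// If this path ever becomes reachable from content, jitter must not be skipped silently.` to the comment. The comment also reads "_very_ early on in and", where a word such as "startup" appears to be missing. ReduceTimePrecisionImpl begins and ends outside this hunk.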