diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a1d40d5950eb0b7d864ac6dc60a936350e184c54..770145dfadf3ec7cab04a963ac8b4d9aa5a2350a 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -58,6 +58,7 @@ This release includes the following bugfixes:
  o winbuild: run buildconf.bat if necessary
  o buildconf.bat: fix syntax error
  o curl_sspi: fix possibly undefined CRYPT_E_REVOKED [16]
+ o nss: prevent NSS from incorrectly re-using a session [18]
 
 This release includes the following known bugs:
 
@@ -96,3 +97,4 @@ References to bug reports and discussions on issues:
  [15] = http://curl.haxx.se/bug/?i=409
  [16] = http://curl.haxx.se/bug/?i=411
  [17] = http://daniel.haxx.se/blog/2015/09/11/unnecessary-use-of-curl-x/
+ [18] = https://bugzilla.mozilla.org/1202264
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 048273cf2c41b6960a24a11fae8e092d58b144f6..09214a52b6cf7d156914654189b391e0ea0685f3 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1806,6 +1806,10 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
   if(SSL_SetURL(connssl->handle, conn->host.name) != SECSuccess)
     goto error;
 
+  /* prevent NSS from re-using the session for a different hostname */
+  if(SSL_SetSockPeerID(connssl->handle, conn->host.name) != SECSuccess)
+    goto error;
+
   return CURLE_OK;
 
 error: