#!/usr/bin/env ruby

##
# mozilla 0day digger
# hdm[at]metasploit.com
##

require 'net/http'
require 'net/https'
require 'uri'


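# Checks whether the Bugzilla entry referenced by a commit record is
# access-restricted and, if so, prints the commit's author and diff link.
#
# A public commit that points at an "Access Denied" bug shows how commit
# metadata can disclose the existence of a non-public bug report; that is the
# exposure this check measures.
#
# @param cref [Hash] commit record with :bug (numeric bug id as a String),
#   :author and :diff (relative cvsview2.cgi link); records without :bug
#   are skipped
# @return [nil]
def processBug(cref)
	return if not cref[:bug]

	$stderr.puts "[*] Check Mozilla Bug ##{cref[:bug]}..."

	http = Net::HTTP.new('bugzilla.mozilla.org', 443)
	http.use_ssl = true
	# Verify the server certificate. With VERIFY_NONE, anyone on the network
	# path could impersonate bugzilla.mozilla.org and forge the response body
	# that the check below relies on.
	http.verify_mode = OpenSSL::SSL::VERIFY_PEER
	resp = http.get("/show_bug.cgi?id=#{cref[:bug]}")

	# Only the literal marker text in the response body is inspected; the HTTP
	# status code is not consulted.
	if resp and resp.body and resp.body =~ /Access Denied/
		$stdout.puts "Bug ##{cref[:bug]} by #{cref[:author]} at http://bonsai.mozilla.org/#{cref[:diff]}"
	end
end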


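# Download the Bonsai CVS query page covering the last month of commits.
# NOTE(review): this request uses plain HTTP, so the listing is not
# integrity-protected in transit.
$stderr.puts "[*] Downloading the Mozilla monthly commit list..."
res = Net::HTTP.get( URI.parse('http://bonsai.mozilla.org/cvsquery.cgi?dir=mozilla&date=month') )


$stderr.puts "[*] Parsing the commit list for vulnerabilities..."


# Scan the listing line by line, building one record (author, diff link, bug
# id) per commit. An author link marks the start of a new record.
cref = nil
res.each_line do |line|
	if line =~ /registry\/who\.cgi\?email=([^\']+)/
		# The previous record is complete once the next author link appears.
		processBug(cref) if cref
		# '%25' in the captured address is replaced with '@'.
		cref = { :author => $1.gsub('%25', '@') }
	end

	if cref and line =~ /(cvsview2\.cgi\?diff_mode[^\']+)/
		cref[:diff] = $1
	end

	if cref and line =~ /https...bugzilla.mozilla.org\/show_bug\.cgi\?id=(\d+)/
		cref[:bug] = $1
	end
end

# Records are only flushed when the next author link is seen, so the last one
# in the listing would otherwise never be checked.
processBug(cref) if cref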



