CVE-2009-3385 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3385): The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.
CVE-2010-0163 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0163): Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.
seamonkey-1 is no longer in the tree...
Nothing for mozilla team to do here, none of the affected versions/packages are in-tree anymore.
This one seemed to have missed the big Mozilla GLSA 201301-01. Users have already been advised to update: no GLSA will be issued for this bug.