it seems that less than two months after the release of sarge it is
not possible to support Mozilla, Thunderbird, Firefox (and probably
Galeon) packages anymore. (in terms of fixing security related
problems)
Unfortunately the Mozilla Foundation does not provide dedicated and
clean patches for security updates but only releases new versions that
fix tons of security related problems and other stuff that is or may
be irrelevant for security updates. As a result, it is extremely
difficult to get security patches extracted and backported. This is
an utter disaster for security teams and distributions that try to
support their releases.