More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2326998 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
It seems to me that SeaMonkey does not use PostCSS in any way (at least, for now). Probably it was included into the issue just because is was labeled as "gecko-related" (as many similar erroneous SeaMonkey bugreports have been in the past). Unfortunately, I don't have access to bug 2326998, so I can't obtain its additional info (and pass it upstream if needed). Anyway, there are only a few indirect references to PostCSS in the code, related to the context of additional external software for (actually unused and incomplete) devtools. So probably all these SM bugs should be closed "notabug".
OK, now bug 2326998 is accessible. SeaMonkey does not use PostCSS in any way for now.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days