If developer is reporting the security issue, then the developer should upload a new version to AMO.
If a version has security problems, the DEVELOPER should disable that version on AMO.
If they have not, then you should ask the developer for the reason.
AMO will disable a version if there are reports from users. AMO does not (can not) check what is said on developers sites.
The questions in this posts are misdirected. The developer should have been able to answer the queries.
If a user wants to report a security issue that the developer has neglected to deal with (meaning disable the affected versions), then there is a different reporting procedure.
Finally, their version had bugs on Firefox. They finally fixed and uploaded Version 4.1.49 · May 3, 2017 · which was Approved and is online.