We don't want to release Tails ISO's and learn 2 days later about important security issues fixed by Debian security updates. The following set of tools should be enough to avoid such bad timing, e.g. by delaying a Tails release a bit to wait for a DSA to happen.

Iceweasel
Debian security team
1. RequestTracker
2. Security tracker

Iceweasel

Mozilla updates are scheduled in advance. Searching the web for the next (point-)release number tells you when it will be released. Add 2-3 days to this release date, and you know when a xulrunner/iceweasel Debian security update will be ready on the mirrors.

See the releases page on Mozilla wiki.

Debian security team

RequestTracker

The Debian security team uses the Debian RT to track some of their work. Looking at their RT queues might help us see if something is being prepared. We, as a Debian derivative, have a read-only access to these queues.

Security tracker

The Debian security tracker's SVN repository is the main place where we can look at the Debian security team upcoming uploads and announces. There is also a mailing-list that broadcasts changes to this repository.