Yes, CSS lists both IPv4 and IPv6 addresses.
CSS lists single "/32" IPv4 addresses.
CSS lists "/64" CIDR blocks in IPv6. Without such aggregation, IPv6 zone size could become unworkably large. Also, various gaming strategies used by spammers are much more difficult with aggregated blocks rather than single "/128" IPs. "/64" is the industry standard for the smallest IPv6 allocation to individual customers, even in home-use situations like cable, DSL or wireless. Thus, for ISPs which follow standard industry practices, CSS IPv6 listings will only affect a single customer.
Spamhaus IPv6 strategy statement, published June 2011, is the result of extensive discussions we had with various members of the anti-abuse community including a large number of ISPs:
The M3AAWG IPv6 Policy document provides an excellent summary; see in particular 'Tracking and Actioning Aggregate IPv6 Assignments Instead of Individual /128 Addresses':
The "/64" choice has RFC4291 as its origin, but what is more important is that essentially no one in the M3AAWG community objected to the adoption of a /64 granularity for blocking lists.
More technical reasons for choosing /64 customer assignments are indicated in http://etherealmind.com/allocating-64-wasteful-ipv6-not/