Review: Firefox Hardening Baselines from Red-Team Tradecraft for Drupal/WordPress Admin and AI Coding Workflows

Most CMS incidents do not start with an RCE in Drupal core or WordPress core. They start with a browser session on a privileged laptop. If your admins, release engineers, and AI-assisted developers live inside browser tabs all day, your browser is part of your production control plane. This review translates common red-team browser attack methods into concrete Firefox baselines you can enforce for Drupal and WordPress environments. The Red-Team Attack Paths That Matter Most for CMS Teams External red teams repeatedly target these browser-centric paths: Session cookie and token theft from privileged browser contexts. Credential capture through phishing pages, fake SSO prompts, and malicious browser extensions. Cross-origin abuse after users keep many sensitive tabs open (hosting panel, CI, GitHub, CMS admin, AI tools). Data exfiltration through clipboard history, autofill, and unsanctioned extensions. Lateral movement from compromised developer endpoints into CMS deployment workflows. F