What ports do Firefox and Thunderbird use?

Security is a complex topic; there are pros and cons to consider when deciding whether to allow outgoing traffic. I can't possibly cover the entire topic, but I'll try to give you a relevant summary, here, that will answer your question.

Firefox

Firefox can use any outgoing ports. Internet URIs can have an arbitrary port number after the hostname (as in http://example.com:12345/index.html, that would connect on port 12345). In practice, websites use this sometimes, so if you limited outgoing traffic to ports 80 and 443, for example, some sites (or their embedded images, video, etc.), would not work. You could use a proxy or VPN to get around this, but that's another topic entirely, and isn't something I'd necessarily recommend without knowing your full requirements anyway.

Thunderbird

Thunderbird is sort of the same, but in a much more predictable sense. If you use IMAP, that's port 143 (unencrypted) or 993 (encrypted). Outgoing is either port 25, 587, or whatever your ISP tells you to use. So once you figure out which ports you need based on your mail accounts, you could allow those.

Allow Outgoing Traffic?

So as you can see, especially when it comes to web traffic, it's difficult-to-impossible to predict which outgoing ports to open. The good news is, it's usually fine to allow arbitrary outgoing ports. More to the point, you're not at significantly higher risk of compromise by allowing outgoing connections.

If you are already compromised, outgoing connections can allow things like spambots or botnets to do their dirty work, but as long as you limit your incoming connections and keep your OS and antivirus software up to date (and don't download anything stupid), you're unlikely to have any issues, especially with Linux, as there are far fewer in-the-wild Linux vulnerabilities as compared to Windows. Vulnerabilities are possible, but what I'm saying is you're not very likely to get hit if you're not already running a high traffic server on that machine, especially if you block incoming ports.

Block All Incoming Traffic

You don't need any incoming ports for Firefox or Thunderbird, so you can (and probably should) block all incoming connections except for the ones that you specifically need and have servers set up for (if any). This is a fairly common security practice. It's not the only way to do things, and isn't the most secure, but on the security — convenience continuum, it's a good compromise for most people/organizations.


Details

There is no simple answer to your question. In general, here are some of the default ports used:

  • Firefox
    • HTTP: 80
    • HTTPS: 443
    • FTP: 21
  • Thunderbird
    • POP3: 110, 995
    • IMAP: 143, 220, 585, 993
    • SMTP: 25, 587

See here for more default port usage. The problem with the list that I just gave you is that none of these are absolute. Anyone running a web server can configure the server to run on a port other than 80 or 8080. If I configure my web server to run on port 18415, and you've only allowed outgoing connections to port 80 for web traffic, then you won't be able to access my site. The same is true for the mail server settings.


Answer

You're better off allowing all outgoing connections and blocking all incoming connections by default. Let me explain. I would assume you want to block outgoing connections to prevent malware from being able to "phone home." There's one big problem with this logic. The malware can still use open ports, like port 80.

If you can say for certain that all websites you access are listening on port 80, then check the account server settings in Thunderbird for all of your email accounts to learn which ports your email services are using. Whitelist all of them and block everything else outbound. If you come across a website that doesn't load, look after the domain name to see if there is a colon and a number (e.g. my.domain.com:8081/...). The number after the colon (8081 in my example) is the port number that web server is listening on. You'll have to whitelist those ports as well. You may run into problems though if iframes are used in web pages or if page resources are behind servers listening on other non-standard ports.


Checking outbound connections for an application

If you need to check which ports are being used by a particular application, you can do so with the netstat command. Open a terminal window and type netstat -anp | grep APPLICATION | grep ':', replacing APPLICATION with the name of your application (e.g. netstat -anp | grep firefox | grep ':'). If you don't know the name of your application, just type netstat -anp | grep ':'. This will return something like...

tcp        0      0 192.168.1.2:54054      117.18.237.29:80        ESTABLISHED 21691/firefox   
tcp        0      0 192.168.1.2:54630      54.230.44.211:80        ESTABLISHED 21691/firefox   
tcp        0      0 192.168.1.2:54052      117.18.237.29:80        ESTABLISHED 21691/firefox

The column from the output that we're interested in is...

117.18.237.29:80
54.230.44.211:80
117.18.237.29:80

This shows that firefox has three open outbound connections to two different servers, all on port 80. It's worth mentioning that with firefox, this list of connections would be changing quite regularly. If you want to watch just the outbound connections for firefox, you could do so like this (Ctrl+C to quit):

while true; do clear; netstat -anp | grep firefox | grep : | awk '{print $5}'; sleep 1; done

If you have your firewall configured to DENY outgoing connections, you'll see blocked ports while the connection is in the SYN_SENT state. Here's an example with my machine trying to connect to a service on a remote system where that service is listening on port 3142.

tcp        0      1 192.168.1.2:44424      118.202.212.194:3142    SYN_SENT    21691/firefox
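
An added example, not part of the original answers: the netstat check above turned into a per-program summary that groups TCP rows by remote port and marks each against an outbound allow-list, with SYN_SENT rows reported separately. The function names, the allow-list argument and the 8081, Thunderbird and sshd sample rows are assumptions made for this example.

```shell
#!/bin/sh
# Added example: group `netstat -anp` TCP rows by program and remote port.

# Sample rows: the first four Firefox rows are the ones quoted in the answer;
# the 8081, Thunderbird and sshd rows are constructed for this example.
sample_netstat() {
cat <<'EOF'
tcp        0      0 192.168.1.2:54054      117.18.237.29:80        ESTABLISHED 21691/firefox
tcp        0      0 192.168.1.2:54630      54.230.44.211:80        ESTABLISHED 21691/firefox
tcp        0      0 192.168.1.2:54052      117.18.237.29:80        ESTABLISHED 21691/firefox
tcp        0      1 192.168.1.2:44424      118.202.212.194:3142    SYN_SENT    21691/firefox
tcp        0      0 192.168.1.2:40112      198.51.100.7:8081       ESTABLISHED 21691/firefox
tcp        0      0 192.168.1.2:51820      192.0.2.25:993          ESTABLISHED 30114/thunderbird
tcp        0      0 0.0.0.0:22             0.0.0.0:*               LISTEN      812/sshd
EOF
}

# summarize_outbound "PORT PORT ..."   (netstat output on stdin)
# Prints one line per group: program remote-port state verdict count
summarize_outbound() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # TCP rows that carry a PID/Program column; listening sockets are not outbound.
        $1 ~ /^tcp/ && $7 ~ /\// && $6 != "LISTEN" {
            port = $5; sub(/.*:/, "", port)         # text after the last colon
            prog = $7; sub(/^[0-9]+\//, "", prog)   # drop the PID prefix
            if ($6 == "SYN_SENT")  verdict = "pending-or-blocked"  # no reply to the SYN yet
            else if (port in ok)   verdict = "allowed"
            else                   verdict = "not-in-list"
            count[prog " " port " " $6 " " verdict]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

# Stand-alone run against the sample; on a live system pipe in `netstat -anp` instead.
sample_netstat | summarize_outbound "80 443 993"
```

Rows marked not-in-list are the ports you would have to whitelist before switching the firewall to deny outbound by default.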