Thunderbird using Firefox to call Yahoo?

I just saw this in my CFP log - should I be concerned?

206.190.56.28::https(443) is Yahoo! Broadcast Services, Inc. according to ARIN.

I have Thunderbird 2.0.0.6 with no plugins.

Date/Time :2007-08-09 20:51:42
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing
Source: 10.3.2.3
Destination: 10.3.2.1
Message: PORT UNREACHABLE
Reason: Network Control Rule ID = 5

Date/Time :2007-08-09 20:51:22
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\DashCommand\DashCommand.exe
Protocol: TCP Out
Destination: 206.190.56.28::https(443)
Details: C:\Program Files\Mozilla Thunderbird\thunderbird.exe has tried to use C:\Program Files\Mozilla Firefox\firefox.exe through OLE Automation, which can be used to hijack other applications.

Date/Time :2007-08-09 20:51:21
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\DashCommand\DashCommand.exe
Protocol: UDP Out
Destination: 10.3.2.1::dns(53)
Details: C:\Program Files\Mozilla Thunderbird\thunderbird.exe has tried to use C:\Program Files\Mozilla Firefox\firefox.exe through OLE Automation, which can be used to hijack other applications.

Any help would be greatly appreciated.

Dave.

Welcome to the forums!

Here’s a good place to start learning about the firewall…

https://forums.comodo.com/index.php/topic,6167.0.html

A quick explanation about the various “hijacking” popups you get… These are due to the way applications communicate behind the scenes, share resources, and so on - all perfectly normal. Obviously, malware will try to exploit any activity that it can emulate or hijack. Thus, CFP monitors these things and alerts the user.

Problem is, aside from the Safelist, CFP doesn’t know the difference between good & bad; only suspicious activity. The rule of thumb from the developers is that if you know both applications in the alert, it is safe to Allow w/Remember, and you shouldn’t see that specific alert any further. The only time to be concerned is if you don’t know one or both applications in the alert…

If both applications are on the Safelist (and you’re using the Safelist), you shouldn’t see an alert. Safelist is enabled thru Security/Advanced/Miscellaneous/Do not show alerts for applications certified by Comodo. With v2.4, the Safelist is relatively small; with v3, this will be a considerable encrypted list of cryptographically signed applications.

In case you’re inclined to ask, no, the user does not have access to the Safelist… this precludes tampering by malware as well…

hope that helps,

LM
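
Added example, not part of the thread and not Comodo's code: a small Python parser for log entries in the layout quoted in the first post, which applies the "do you know the applications in the alert" rule of thumb by listing every executable an OLE Automation alert names that is not on a list you recognise. The `KNOWN` set and the function names are assumptions for illustration, and the check goes slightly beyond the rule as stated by also covering the `Parent` field.

```python
import re
# One entry copied from the log quoted in the first post.
SAMPLE_LOG = r"""Date/Time :2007-08-09 20:51:22
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (firefox.exe)
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\Program Files\DashCommand\DashCommand.exe
Protocol: TCP Out
Destination: 206.190.56.28::https(443)
Details: C:\Program Files\Mozilla Thunderbird\thunderbird.exe has tried to use C:\Program Files\Mozilla Firefox\firefox.exe through OLE Automation, which can be used to hijack other applications.
"""
# Assumption: full paths of programs this user installed and recognises.
KNOWN = {r"C:\Program Files\Mozilla Firefox\firefox.exe",
         r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"}
FIELD = re.compile(r"^([A-Za-z/ ]+?)\s*:\s*(.*)$")   # "Key :value" or "Key: value"
EXE = re.compile(r'[A-Za-z]:\\[^:*?"<>|\r\n]*?\.exe', re.I)

def parse_entries(text):
    """Split the log on blank lines and turn each entry into a dict."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1).strip()] = m.group(2).strip()
        if fields:
            entries.append(fields)
    return entries

def executables(entry):
    """Every distinct .exe path named in Application, Parent or Details."""
    found = []
    for key in ("Application", "Parent", "Details"):
        for path in EXE.findall(entry.get(key, "")):
            if path.lower() not in (f.lower() for f in found):
                found.append(path)
    return found

def review(text, known=KNOWN):
    """For each OLE Automation alert, list the paths not in `known`."""
    known = {k.lower() for k in known}
    return [(e.get("Date/Time"), [p for p in executables(e) if p.lower() not in known])
            for e in parse_entries(text) if "OLE Automation" in e.get("Details", "")]
if __name__ == "__main__":
    for when, unknown in review(SAMPLE_LOG):
        print(when, "->", unknown or "all programs recognised")
```

Matching is on the full path rather than the file name, since a file name alone says nothing about where the program was started from.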