These are all harmless, and can be ignored.
A ... connection attempt to TCP ... from ... :80
happens when you close a browser window before it has fully loaded. (Having Javascript on the page that periodically queries the server for live updates counts as "not fully loaded".) The server is still trying to send the missing parts of the page, but the page is no longer there to listen. An incoming packet without a listening socket a "stealth mode connection attempt", according to the firewall, even if it is not actually a connection attempt.
A ... connection attempt to TCP ... from ... :443
is the same thing, except for an https: page. You didn't report any of those, but if you see one you can ignore it, too.
A ... connection attempt to UDP ... from ...:53
is a slow response from a DNS server. Your computer sends out a DNS request to one server, doesn't get a quick response, so it tries an alternate server. One of the two servers answers, and then some time later the other server answers. The second reply is, according to the firewall, a "stealth mode connection attempt" (even though there's no such thing as a DNS connection, DNS being a "connectionless protocol").