This will probably make more sense to you that me: Specifically, he got infected from running Opera on Windows, wherein Opera exports their XML data binding functions to the published operating system engine, which is dun-dun-da-daaaaa the one that IE uses (Remember the bit about how IE was inextricably part of Windows? Yeah. Great design decision.) which is Microsoft's. The exploit basically uses a set of XML code that builds data objects in memory that sit in IE's memory space within the OS, carefully crafted data objects that bear binary code. The exploit then specifically exploits the fact that the XML rendering engine, when told to get rid of the data objects, doesn't perform proper memory management and garbage collection, and doesn't run in a sandbox /per se/ with lowered data execution privileges and operating system resources but in fact runs as whatever level the user runs IE at. Which is almost always with permissions to install software. This is a classic memory buffer overflow exploit, and is entirely Microsoft's fault for not fixing it so long, long ago.

Firefox can have plugins (I have them, I use them in a secure manner, if anyone ever gets an exploit to automatically trigger them I'll remove them, it's unlikely as they're not common usage). Opera defaults on install (I'm told) to send the user agent as IE, and apparently uses the IE XML memory buffer, which is where the problem was.

I used to recommend Opera to anyone that wasn't using extensions, what's the point of Fx if you don't use the extensions after all, out of the box Opera is better.

But if what I've read is correct, Opera is less secure, thus I'll now recommend Chrome, which at least has brand recognition for people that care about such things or trust names they know.