'Active-X' is the term that MS invented to describe using Object Linking and Embedding ('OLE') in IE. OLE is itself based on the Common Object Model ('COM'), which is in turn based on Dynamic Data Exchange ('DDE')
Basically, Active-X is a technology which is intended to enable the creation of a rich user experience within the context of a web browser. Because of security restrictions within the browser on what it can and cannot do, there are certain things that are inherently off-limits; modifying arbitrary files on the local host, accessing arbitrary services provided by the local host, etc. Active-X is an attempt to provide access to this additional functionality in a safe (and vendor-specific) manner. It fails miserably on the first part.
It is possible to configure Mozilla/Firefox to host an Active-X control on Windows machines, although it requires some jumping through hoops, and even then usually doesn't work all that well. For none-windows machines, well, they don't have Active-X to start with.
The Mozilla browsers offer an alternative technology (actually two); NPAPI based on XPConnect, and an extended NPAPI known as npruntime. IE supported NPAPI up to IE 5.5, but dropped it, citing NPAPI as being a 'security issue'.
npruntimie is currently supported by Mozilla (and derivatives), Safari, and Opera.
npruntime and NPAPI both exist to offer the same type of functionality as Active-X; they are therefore NOT inherently more secure than Active-X in this regard. The thing that makes them a better option lies in the fact that with Active-X, a Bad Guy can build an Active-X control, host on a site he controls, and trick the Dumb User into loading it. I'm don't know how Safari and Opera handle this, but with Firefox, the only place that the browser will automatically allow you to download a plugin from is from the Firefox plugin server. While it is possible to download and install a plugin from elsewhere, this requires directed and determined action from the user.
I hope that answers your questions.
