Attacks on WWW clients

[crow!rik () uunet UU NET (Rik Farrow 602 282 0242 MST)]

I remembered seeing a reference to a list of security
vulnerabilities for WWW clients, like Mosaic.  I am looking
for a list or reference like this.  People keep asking me for
specific details, and all I can tell them about is

1) Postscript and the delete-file possiblity
2) URL's which include other commands (eg, after a semicolon).

Anyone know of a good reference, or have some examples?

RIk Farrow
rik () uworld com