Also, here's a WebKit code execution exploit that works on the Kindle 4.
http://imthezuk.blogspot.com/2010/11...fter-free.html
http://trac.webkit.org/changeset/64706
However, the PoC linked above is designed for Android 2.1 and just does a DoS on the Kindle 3/4. When I have time, I'll play around with it to see if I can get the pointer right.
The shellcode for the above tries to call /system/bin/sh while the Kindle uses /bin/sh, so the shellcode needs to change too. Also, the current shellcode tries to open a reverse shell. When testing it out to see if it works, on your computer, do "nc -l 12345". Set your computer's IP and port in hex in the HTML file, ln -sf /bin/sh /system/bin/sh, and load it with your Kindle. Then mess with the pointer found in the NaN() until you can type in shell commands on your computer and they load on the Kindle (no output though). If THAT works, then I can modify the shellcode to jailbreak. Have fun.