The kindle browser is using a very old webkit. Perhaps there is a known exploit that works? It runs as root, so even reading or writing a local file should be enough:
http://www.metasploit.com/modules/au...t_xslt_dropper
This is not an easy option, but the iMX50x SoCs have two external boot mode signals that control the boot process, allowing for download and execution a program from the USB port. This will allow you to run a non crippled uboot.
http://cache.freescale.com/files/32b...=Documentation