The other caution is that "NativeBridge"/"LIPC" access appears to allow pulling the Amazon account tokens.
This is bad news if you have Wi-Fi enabled and have an older or jailbroken device.
From a really malicious perspective, there's a far-too-obvious way to brick a Kindle.
I actually asked Amazon to make a one-character change to make the boot process safer (using `-x` instead of `-e`), and they chose not to.
From the jailbreaking perspective, this really ties into a family of jailbreaking techniques:
1. Getting execution from LIPC access. This is largely unexplored, and there's probably more shell injection here. The lowest-hanging fruit are the APIs that allow copying or downloading files, combined with a few files that impact execution. When everything is 'mtd', this will be closed.
2. Getting LIPC access - right now, the easiest way seems to be abusing Pillow - but any Chrome exploit which leads to sandboxed execution would also give this.
I know of the "Mesquite Method" in addition to "innerHTML" in Pillow, and there's probably more.
So the prevention of "Browser" accessing Kindle namespace doesn't prevent Mesquite from accessing Kindle namespace and using the rest of the exploit chain.