I have some great ideas,but I am not sure if any will ever work.
Maybe there is a way to "dig" into a copy of REL11 and find out "what makes it tick".
If you can find out how/if it is even possible,you could also modify the REL11 copy to make it execute a series of functions to get root access.
Or you could probably even inject the necessary app/data into the REL11 file itself.
For the people like me that already have REL11 installed,you would have to set it to a higher version for it to install over the original REL11.
Otherwise,you would need to literally make a "virus" that enables root access beyond the control of plugged security holes.
Maybe someone will discover another exploit eventually,maybe even on JellyBean.
Another idea involves the use of any kind of app.
The key is to find something similar in an app like the many Nintendo Wii exploits,but much more complex.
You would need this app to cause something like a code dump whenever it crashes.
The idea is to make a mod of this unique app that changes what happens when crashing,such as executing code or whatever else.
This is all I can think of.
Who knows,maybe one kind of flash will work on the JellyBean upgrade.
There is a majority of browsers that supposedly have flash support,and there is FireFox for Android with shumway.
A rather interesting one is Photon Flash Browser,its flash is free (unlike Puffin browser).