I think trying to exploit/hack/crash/whatever a web browser is common enough these days that the people trying to hack the 3DS should have tried that already. If Nintendo did any sensible security design on the 3DS firmware at all, all one would be able to do is crashing the browser with no other effect then that, or run code in the browser which would not help much as it should not have any direct hardware access. And the hardware ressources the browser can use are probably pretty limited as it is one of the few things you can start without closing a suspended application.
It could of course be possible to gain more rights if the implementation of the browser AND the security system is flawed, but as I said, exploiting a browser is so common these days (probably the most used attack point at the moment to gain remote access) that many 3DS hackers should have tried that.