diff --git a/debian/qubes-core-agent.install b/debian/qubes-core-agent.install
index a5577522..fecac009 100644
--- a/debian/qubes-core-agent.install
+++ b/debian/qubes-core-agent.install
@@ -56,6 +56,7 @@ etc/qubes/rpc-config/qubes.VMExecGUI
 etc/qubes/suspend-post.d/README
 etc/qubes/suspend-post.d/*.sh
 etc/qubes/suspend-pre.d/README
+etc/security/limits.d/90-qubes-core.conf
 etc/sudoers.d/qt_x11_no_mitshm
 etc/sudoers.d/umask
 etc/sysctl.d/20_tcp_timestamps.conf
@@ -106,6 +107,7 @@ lib/systemd/system/sysinit.target.d/30_qubes.conf
 lib/systemd/system/systemd-timesyncd.service.d/30_qubes.conf
 lib/systemd/system/systemd-logind.service.d/30_qubes.conf
 lib/systemd/resolved.conf.d/30_resolved-no-mdns-or-llmnr.conf
+usr/lib/sysctl.d/20-qubes-core.conf
 usr/lib/systemd/user/tracker-extract-3.service.d/30_qubes.conf
 usr/lib/systemd/user/tracker-miner-fs-3.service.d/30_qubes.conf
 usr/lib/systemd/user/tracker-miner-fs-control-3.service.d/30_qubes.conf
diff --git a/misc/20-qubes-core.conf b/misc/20-qubes-core.conf
new file mode 100644
index 00000000..f1767352
--- /dev/null
+++ b/misc/20-qubes-core.conf
@@ -0,0 +1,5 @@
+# With memory hotplug enabled, default value is calculated based on the initial
+# memory, and is too low for some heavy multi-threads applications like
+# Firefox. Raise the limit
+
+kernel.threads-max = 51200
diff --git a/misc/90-qubes-core.conf b/misc/90-qubes-core.conf
new file mode 100644
index 00000000..ac394650
--- /dev/null
+++ b/misc/90-qubes-core.conf
@@ -0,0 +1,5 @@
+# With memory hotplug enabled, default value is calculated based on the initial
+# memory, and is too low (below 1000) for some heavy multi-threads applications
+# like Firefox. Raise the limit
+@qubes  hard nproc 51200
+@qubes  soft nproc 51200
diff --git a/misc/Makefile b/misc/Makefile
index 8325e772..fb19b55b 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -52,6 +52,8 @@ install:
 	install -m 0755 -d $(DESTDIR)/etc/xdg/xfce4/xfconf/xfce-perchannel-xml
 	install -m 0644 -t $(DESTDIR)/etc/xdg/xfce4/xfconf/xfce-perchannel-xml xfce4-notifyd.xml
 	install -m 0644 -t $(DESTDIR)/etc/xdg/xfce4/xfconf/xfce-perchannel-xml displays.xml
+	install -m 0644 -D -t $(DESTDIR)/etc/security/limits.d 90-qubes-core.conf
+	install -m 0644 -D -t $(DESTDIR)/usr/lib/sysctl.d 20-qubes-core.conf
 
 marker-vm: marker-vm.in
 	printf "$(VERSION)" | cut -f 1,2 -d . | cat $< - > marker-vm
diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in
index 7f6dbc13..b60a9afc 100644
--- a/rpm_spec/core-agent.spec.in
+++ b/rpm_spec/core-agent.spec.in
@@ -974,6 +974,8 @@ rm -f %{name}-%{version}
 %config(noreplace) /etc/dconf/db/local.d/dpi
 %config(noreplace) /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-notifyd.xml
 %config(noreplace) /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/displays.xml
+%config(noreplace) /etc/security/limits.d/90-qubes-core.conf
+/usr/lib/sysctl.d/20-qubes-core.conf
 %_udevrulesdir/50-qubes-mem-hotplug.rules
 %_unitdir/user@.service.d/90-session-stop-timeout.conf
 /usr/sbin/qubes-serial-login